• GitHub autopilot "highly likely" to introduce bugs and vulnerabil

    From TechnologyDaily@1337:1/100 to All on Thu Aug 26 14:45:04 2021
    GitHub autopilot "highly likely" to introduce bugs and vulnerabilities,
    report claims

    Date:
    Thu, 26 Aug 2021 13:26:12 +0000

    Description:
    Researchers find GitHub's AI-powered code suggestion tool doesn't always
    produce secure code.

    FULL STORY ======================================================================

    Academic researchers discover that nearly 40% of the code suggestions by GitHub's Copilot tool are erroneous, from a security point of view.

    Developed by GitHub in collaboration with OpenAI, and currently in private beta testing, Copilot leverages artificial intelligence (AI) to make relevant coding suggestions to programmers as they write code.

    To help quantify the value-add of the system, the academic researchers
    created 89 different scenarios for Copilot to suggest code for, which
    produced over 1600 programs. Reviewing them, the researchers discovered that almost 40% were vulnerable in one way or another.

    "Overall, Copilot's response to our scenarios is mixed from a security standpoint, given the large number of generated vulnerabilities (across all axes and languages, 39.33% of the top and 40.48% of the total options were vulnerable)," note the researchers.

    Unfiltered learning

    To perform their analysis, the researchers prompt Copilot to generate code in scenarios relevant to common software security weaknesses, and then analyze the generated code on three distinct parameters to gauge its effectiveness.

    Since Copilot draws on publicly available code in GitHub repositories, the researchers theorize that the generated vulnerable code could perhaps just be the result of the system mimicking the behavior of buggy code in the repositories.

    Furthermore, the researchers note that in addition to perhaps inheriting
    buggy training data, Copilot also fails to consider the age of the training data.

    "What is best practice at the time of writing may slowly become bad practice
    as the cybersecurity landscape evolves. Instances of out-of-date practices
    can persist in the training set and lead to code generation based on obsolete approaches," say the researchers.

    GitHub didn't immediately respond to TechRadar Pro's email asking for their take on the research.



    ======================================================================
    Link to news story: https://www.techradar.com/news/github-autopilot-highly-likely-to-introduce-bugs-and-vulnerabilities-report-claims/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)