Asleep at the Keyboard? Assessing the Security of GitHub Copilot's Code Contributions.

Bibliographic Details
Title: Asleep at the Keyboard? Assessing the Security of GitHub Copilot's Code Contributions.
Authors: Pearce, Hammond; Ahmad, Baleegh; Tan, Benjamin; Dolan-Gavitt, Brendan; Karri, Ramesh
Source: Communications of the ACM; Feb2025, Vol. 68 Issue 2, p96-105, 10p
Subject Terms: HUMAN-artificial intelligence interaction, COMPUTER programming, COMPUTER security vulnerabilities, PROGRAMMING languages
Company/Entity: GITHUB Inc.
Abstract: This research article examines security vulnerabilities in code produced when GitHub Copilot is used for paired human-artificial intelligence code generation. The method employs MITRE's top 25 Common Weakness Enumeration (CWE) list to evaluate Copilot's performance along three axes: diversity of weakness, diversity of prompt, and diversity of domain. The discussion of the results includes an overview of threats to the validity of the results, including CWE and scenario inclusion and the reproducibility of the generated code.
Database: Complementary Index
ISSN: 0001-0782
DOI: 10.1145/3610721