
Snyk: 2023 AI-Generated Code Security Report (English version) (11 pages).pdf

Uploaded by: 无*** ID: 148748 2023-12-18 11 pages 6.11MB


SNYK REPORT

AI Code, Security, and Trust: Organizations Must Change Their Approach

56.4% say insecure AI suggestions are common but few have changed processes to improve AI security.

Executive Summary

In a short period of time, AI code completion tools have gained significant market penetration. In our survey of 537 software engineering and security team members and leaders, 96% of teams use AI coding tools and over half of those teams use the tools most or all of the time. It is safe to say that AI coding tools are now part of the software supply chain at most organizations. The use of AI tools has likely accelerated the pace of software code production and sped up new code deployment. On top of that, AI coding tools are polished and convincing. Unfortunately, this polish and ease-of-use has generated misplaced confidence in AI coding assistants and has created a herd mentality that AI coding is safe.

In reality, AI coding tools continue to consistently generate insecure code. Among respondents, 91.6% said that AI coding tools generated insecure code suggestions at least some of the time. The risks of AI coding tools are magnified by the resulting accelerated pace of code development. This is particularly true in open source code, where keeping up with the latest security status of open source libraries and packages is challenging due to new insecurities and vulnerabilities landing on a seemingly daily basis.

Despite these risks and challenges, our survey found that technology teams are not putting the proper measures and guardrails in place to best secure their code in this new AI coding age. Less than 10% of survey respondents have automated the majority of their security checks and scanning. 80% of respondents said that developers in their organizations bypass AI security policies. Respondents are

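This report mainly discusses the widespread use of AI code completion tools in software development and the security risks they bring. Through a survey of 537 software engineering and security team members, it finds that although 96% of teams use AI coding tools, 91.6% of respondents said that AI tools often generate insecure code suggestions. Even so, 75.8% of respondents believe that AI code is more secure than human-written code. In addition, 80% of respondents said that developers bypass AI security policies. The report points out that technology teams have not taken proper measures to ensure their code is best protected in the new AI coding age; for example, only 9.7% of respondents said that their teams have automated 75% or more of their security checks. The report recommends that, to address these risks, organizations strengthen security measures such as automating security scanning and increasing code audits, while educating technical organizations about the inherent risks of outsourcing security to AI.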