当前位置:首页 > 报告详情

克里斯·威索帕尔_HAL到HALT阻止Skynet的兄弟姐妹在GenAI编码时代.pdf

上传人: 张** 编号:175438 2024-09-13 24页 5.56MB

1、#BHUSA BlackHatEventsFrom HAL to HALT:Thwarting Skynets Siblings in the GenAI Coding EraChris WysopalCo-founder&CTO,Veracode Unites States Senate testimony-19 May 1998One of the 1st vulnerability researchers,member of hacker think tank,L0pht in 1990s Improve the Security of Your Product by Breaking

2、Into ItFounded stake security research team and then Veracode to build security into SDLCState of Software Security 2024Addressing the Threat of Security Debt50%40%30%20%10%0%age of application in(years)the honeymoon phase of applications where fewer flaws are introduced12345new flaws introduced by

3、application age8910Lets add the exciting potential of large language models that can write code!12Generating codeUnderstanding code/Code reviewRemediating defectsTranslating programming languagesCreating and maintaining unit testsWriting documentationDeveloper GenAI use right now13Learning about the

4、 code baseSearching for answers to avoid reinventing the wheelReading log files to find a root causeCreating and running functional&non-functional testsRemediating security vulnerabilitiesEmerging dev uses for GenAIPublic GitHub RepositoriesOpen-Source ProjectsDocumentation and CommentsThirds Party

5、Code(License Risk)Training Data SetLarge corpus of data that includes open web content.Large Language ModelsChatGPTCode GeneratorBardUser Result41%41%of Copilot produced code contain known security vulnerabilities.Large Language ModelUser PromptSecurity Implications of LLMsWuhan University Study on

6、AI Code GeneratorsStanford University Study on AI Code GeneratorsNew York University Study on GitHub CopilotPurdue University on ChatGPT accuracy36%Out of the 435 Copilot generated code snippets found in repos 36%contain security weaknesses,across 6 programming languages.Developers using LLMs were m

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
本文探讨了在GenAI编码时代,如何利用人工智能提高软件安全性。作者Chris Wysopal,作为Veracode的联合创始人兼CTO,曾是1990年代黑客思考小组L0pht的成员。文章指出,通过人工智能,可以改善软件安全性,但同时也引入了新风险。研究显示,大型语言模型(LLM)生成代码的安全漏洞问题严重,例如GitHub Copilot产生的代码有41%包含已知的安全漏洞。作者强调,在利用GenAI进行软件开发时,必须考虑安全性,并采取相应措施,如在AI提示中包含安全考虑,尽可能自动化安全过程等。
安全威胁知多少?" "如何确保AI在软件开发中的安全性?" 是机遇还是挑战?"
客服
商务合作
小程序
服务号
折叠