Following the recent release of AI assistants, such as OpenAI’s ChatGPT and GitHub Copilot, the software industry quickly utilized these tools for software development tasks, e.g., generating code or consulting AI for advice. While recent research has demonstrated that AI-generated code can contain security issues, how software professionals balance AI assistant usage and security remains unclear. This paper investigates how software professionals use AI assistants in secure software development, what security implications and considerations arise, and what impact they foresee on security in software development. We conducted 27 semi-structured interviews with software professionals, including software engineers, team leads, and security testers. We also reviewed 190 relevant Reddit posts and comments to gain insights into the current discourse surrounding AI assistants for software development. Our analysis of the interviews and Reddit posts finds that, despite many security and quali...

Using AI Assistants in Software Development: A Qualitative Study on Security Practices and Concerns / Klemmer, Jan H.; Horstmann, Stefan Albert; Patnaik, Nikhil; Ludden, Cordelia; Burton, Cordell Jr.; Powers, Carson; Massacci, Fabio; Rahman, Akond; Votipka, Daniel; Richter Lipford, Heather; Rashid, Awais; Naiakshina, Alena; Fahl, Sascha. - (2024), pp. 2726-2740. (31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024, USA, 2024) [10.1145/3658644.3690283].

Using AI Assistants in Software Development: A Qualitative Study on Security Practices and Concerns

Massacci, Fabio; 2024-01-01

2024
CCS '24: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security
1601 Broadway, 10th Floor, NEW YORK, NY, UNITED STATES
Association for Computing Machinery, Inc
9798400706363
Files in this item:

2405.06371v2.pdf
Access: open access
Type: Refereed author’s manuscript (post-print)
License: All rights reserved
Size: 801.59 kB
Format: Adobe PDF

3658644.3690283.pdf
Access: archive managers only
Type: Publisher’s layout (published version)
License: All rights reserved
Size: 1.27 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/455771

Citations
  • PMC: ND
  • Scopus: 17
  • ISI: 15
  • OpenAlex: 17