๐ก If you are building, evaluating, or relying on LLMs for software development, please ask yourself: Did it warn you about the hidden security risk?
07.04.2025 13:43 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
As a preliminary solution to this problem, we built a CLI tool prototype that integrates static analysis with LLM prompting, aiming to make AI code suggestions more secure by design.
07.04.2025 13:43 โ ๐ 0 ๐ 0 ๐ฌ 1 ๐ 0
However, when LLMs do warn you, they tend to offer more complete explanations, including potential causes of the vulnerability, exploits, and even fixes.
07.04.2025 13:43 โ ๐ 0 ๐ 0 ๐ฌ 1 ๐ 0
We evaluated GPT-4, Claude 3, and Llama 3 across 300 real-world Stack Overflow posts containing vulnerable code.
The results?
โ ๏ธ<40% of vulns flagged
โ ๏ธAs low as 12.6% when code was obfuscated
โ ๏ธCommon issues (e.g., unsanitized input) often missed - unless explicitly prompted
07.04.2025 13:43 โ ๐ 0 ๐ 0 ๐ฌ 1 ๐ 0
Do LLMs Consider Security? An Empirical Study on Responses to Programming Questions
The widespread adoption of conversational LLMs for software development has raised new security concerns regarding the safety of LLM-generated content. Our motivational study outlines ChatGPT's potent...
LLMs are great at generating code, but are they silently spreading vulnerabilities? TLDR: Yes.
In our latest EMSE paper, we look into: when developers unknowingly share vulnerable code with LLMs, do these models proactively raise security red flags? ๐งต
๐ Read the paper: arxiv.org/abs/2502.14202
07.04.2025 13:42 โ ๐ 2 ๐ 0 ๐ฌ 1 ๐ 0
Delighted to share that our paper, led by my PhD advisee Ramtin Ehsani, โTowards Detecting Prompt Knowledge Gaps for Improved LLM-guided Issue Resolution,โ has been accepted to the Research Track of MSR 2025.
Preprint: soar-lab.github.io//papers/MSR2...
21.01.2025 02:17 โ ๐ 3 ๐ 0 ๐ฌ 0 ๐ 0
I can now run a GPT-4 class model on my laptop
Metaโs new Llama 3.3 70B is a genuinely GPT-4 class Large Language Model that runs on my laptop. Just 20 months ago I was amazed to see something that felt โฆ
I can now run a GPT-4 class model on my laptop
(The exact same laptop that could just about run a GPT-3 class model 20 months ago)
The new Llama 3.3 70B is a striking example of the huge efficiency gains we've seen in the last two years
simonwillison.net/2024/Dec/9/l...
09.12.2024 15:19 โ ๐ 361 ๐ 59 ๐ฌ 11 ๐ 6
Congrats!!
10.12.2024 14:59 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0
#NeurIPS2024 paper 3, Assemblage - the dataset of source-to-binary projects compiled from GitHub that you've dreamed of bet never had before! Collab with @krismicinski.bsky.social and a multi-year effort to get to @NeurIPSConf @BoozAllen arxiv.org/abs/2405.03991
07.12.2024 20:01 โ ๐ 6 ๐ 3 ๐ฌ 1 ๐ 0
๐ Thrilled to share that our paper (with Ramtin Ehsani and @rezapour.bsky.social) has been accepted at NLBSE'25, co-located with @icseconf.bsky.social! ๐
Our work shows promise in improving toxicity detection in OSS using moral values & psycholinguistic cues. Preprint coming soon.
09.12.2024 16:42 โ ๐ 3 ๐ 2 ๐ฌ 0 ๐ 0
Can you please add me here
23.11.2024 03:28 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0
CS prof @UIC; computer scientist (networks & systems); previously Nvidia, Purdue, BITS-Pilani; tennis aficionado; designed a chip for the first MacBook Air.
Assistant Professor, Wayne State University, Software Engineering researcher.
Professor of Software Engineering and Computer Science at the University of Ottawa, Canada
Sr. Director @CrowdStrike. Visiting Prof @UMBC. Interested in all things ML
โค๏ธ developer tools + empirical software engineering + programming languages. Pronouns: he/him. #MTL #YVR #LKA ๐ฑ๐ฐ๐จ๐ฆ keheliya.github.io
Hridesh Rajan is the Dean of the Tulane University School of Science and Engineering. At Tulane, his goal is to grow interdisciplinary, research-focused education in science and engineering for better lives. https://sse.tulane.edu
2nd ACM International Conference on AI-powered Software (AIware) | Co-located with ASE 2025
Assistant Professor, Nara Institute of Science and Technology, Japan. Software Design and Analysis Lab. From Adelaide, Australia. ๐ฆ
https://brittany-reid.github.io/
Cybersecurity R&D Lead, @berkeleylab.lbl.gov; Adjunct Professor, UC Davis; Editor-in-Chief, IEEE Security & Privacy; Director, Trusted CI, the NSF Cybersecurity Center of Excellence. https://infosec.exchange/@peisert
https://www.cs.ucdavis.edu/~peisert/
CASCON - The IEEE International Conference on Collaborative Advances in Software and Computing (35th anniversary).
Official Hashtag: #CASCON2025
Junior Group Leader @ http://codelounge.si.usi.ch . Tweets about software engineering, politics & more | He/him
Software engineering phd student at Carnegie Mellon University. Enjoys empirical open source software supply chain sustainability and security research, cycling, and climbing.
http://courtney-e-miller.github.io/
Working on Trustworthy AI4Code, SE/HCI at Microsoft Research.
Trying this out
Associate Teaching Professor in Software Engineering @ Carnegie Mellon University
Professor of Software Engineering/Information Systems & Head of Complex Systems Engineering Lab (LabESC) & Researcher of Software Ecosystems/Systems-of-Systems at https://br.linkedin.com/in/profrodrigosantos
Assistant Professor of Computer Science and Engineering; AI/ML Systems, Causal AI, Robotics.
https://pooyanjamshidi.github.io
Assistant Professor in Software Engineering @ University of Groningen
Professor of economics at George Mason University, fellow at the Peterson Institute of International Economics, IZA, CReAM/UCL, CGD. Associate Editor JEP. USAID 2021โ2024. Personal views exclusively.
Web: http://mclem.org
ORCID: 0000-0003-1354-0965
