Title: Assessing the Effectiveness of ChatGPT in Secure Code Development: A Systematic Literature Review
Authors: Rezika Bouzid, Raphaël Khoury
DOI: 10.1145/3744553 (https://doi.org/10.1145/3744553)
Journal: ACM Computing Surveys (impact factor 23.8; JCR Q1, Computer Science, Theory & Methods; region category: Computer Science, rank 1)
Publication date: 2025-06-12
Publication type: Journal Article
Open access: no
Source platform: Semantic Scholar
Citations: 0
Abstract
ChatGPT, a Large Language Model (LLM) maintained by OpenAI, has demonstrated a remarkable ability to seemingly comprehend and contextually generate text. Among its myriad applications, its capability to autonomously generate and analyze computer code stands out as particularly promising. This functionality has piqued substantial interest due to its potential to streamline the software development process. However, this technological advancement also brings to the forefront significant apprehensions concerning the security of code produced by LLMs. In this paper, we survey recent research that examines the use of ChatGPT to generate secure code, detect vulnerabilities in code, or perform other tasks related to secure code development. Beyond categorizing and synthesizing these studies, we identify important insights into ChatGPT’s potential impact on secure programming. Key findings indicate that while ChatGPT shows great promise as an aid in writing secure code, challenges remain. Its effectiveness varies across security tasks, depending on the context of experimentation (e.g., programming language, CWE, code length, etc.) and the benchmark used for comparison—whether against other LLMs, traditional analysis tools, or its own versions. The overall trend indicates that GPT-4 consistently surpasses its predecessor in most tasks.
Journal description:
ACM Computing Surveys is an academic journal that focuses on publishing surveys and tutorials on various areas of computing research and practice. The journal aims to provide comprehensive and easily understandable articles that guide readers through the literature and help them understand topics outside their specialties. In terms of impact, CSUR has a high reputation with a 2022 Impact Factor of 16.6. It is ranked 3rd out of 111 journals in the field of Computer Science Theory & Methods.
ACM Computing Surveys is indexed and abstracted in various services, including AI2 Semantic Scholar, Baidu, Clarivate/ISI: JCR, CNKI, DeepDyve, DTU, EBSCO: EDS/HOST, and IET Inspec, among others.