-
Using AI Assistants in Software Development: A Qualitative Study on Security Practices and Concerns
Authors:
Jan H. Klemmer,
Stefan Albert Horstmann,
Nikhil Patnaik,
Cordelia Ludden,
Cordell Burton Jr,
Carson Powers,
Fabio Massacci,
Akond Rahman,
Daniel Votipka,
Heather Richter Lipford,
Awais Rashid,
Alena Naiakshina,
Sascha Fahl
Abstract:
Following the recent release of AI assistants, such as OpenAI's ChatGPT and GitHub Copilot, the software industry quickly utilized these tools for software development tasks, e.g., generating code or consulting AI for advice. While recent research has demonstrated that AI-generated code can contain security issues, how software professionals balance AI assistant usage and security remains unclear. This paper investigates how software professionals use AI assistants in secure software development, what security implications and considerations arise, and what impact they foresee on secure software development. We conducted 27 semi-structured interviews with software professionals, including software engineers, team leads, and security testers. We also reviewed 190 relevant Reddit posts and comments to gain insights into the current discourse surrounding AI assistants for software development. Our analysis of the interviews and Reddit posts finds that despite many security and quality concerns, participants widely use AI assistants for security-critical tasks, e.g., code generation, threat modeling, and vulnerability detection. Their overall mistrust leads to checking AI suggestions in similar ways to human code, although they expect improvements and, therefore, a heavier use for security tasks in the future. We conclude with recommendations for software professionals to critically check AI suggestions, AI creators to improve suggestion security and capabilities for ethical security tasks, and academic researchers to consider general-purpose AI in software development.
Submitted 10 May, 2024;
originally announced May 2024.
-
Learning force laws in many-body systems
Authors:
Wentao Yu,
Eslam Abdelaleem,
Ilya Nemenman,
Justin C. Burton
Abstract:
Scientific laws describing natural systems may be more complex than our intuition can handle, and thus how we discover laws must change. Machine learning (ML) models can analyze large quantities of data, but their structure should match the underlying physical constraints to provide useful insight. Here we demonstrate a ML approach that incorporates such physical intuition to infer force laws in dusty plasma experiments. Trained on 3D particle trajectories, the model accounts for inherent symmetries and non-identical particles, accurately learns the effective non-reciprocal forces between particles, and extracts each particle's mass and charge. The model's accuracy (R^2 > 0.99) points to new physics in dusty plasma beyond the resolution of current theories and demonstrates how ML-powered approaches can guide new routes of scientific discovery in many-body systems.
Submitted 8 October, 2023;
originally announced October 2023.
-
Mixture Density Network Estimation of Continuous Variable Maximum Likelihood Using Discrete Training Samples
Authors:
Charles Burton,
Spencer Stubbs,
Peter Onyisi
Abstract:
Mixture Density Networks (MDNs) can be used to generate probability density functions of model parameters $\boldsymbol{\theta}$ given a set of observables $\mathbf{x}$. In some applications, training data are available only for discrete values of a continuous parameter $\boldsymbol{\theta}$. In such situations a number of performance-limiting issues arise which can result in biased estimates. We demonstrate the usage of MDNs for parameter estimation, discuss the origins of the biases, and propose a corrective method for each issue.
Submitted 20 July, 2021; v1 submitted 24 March, 2021;
originally announced March 2021.
-
Secure and Verifiable Electronic Voting in Practice: the use of vVote in the Victorian State Election
Authors:
Craig Burton,
Chris Culnane,
Steve Schneider
Abstract:
The November 2014 Australian State of Victoria election was the first statutory political election worldwide at State level which deployed an end-to-end verifiable electronic voting system in polling places. This was the first time blind voters have been able to cast a fully secret ballot in a verifiable way, and the first time a verifiable voting system has been used to collect remote votes in a political election. The code is open source, and the output from the election is verifiable. The system took 1121 votes from these particular groups, an increase on 2010 and with fewer polling places.
Submitted 27 April, 2015;
originally announced April 2015.