Login or signup to connect with paper authors and to register for specific Author Connect sessions (if available).
SSDF Insight: AI's Compliance Frontier
Motahareh Pourbehzadi
With the emergence of artificial intelligence (AI) as a transformative force in software development, ensuring the security and compliance of AI-generated content has become a principal concern. Even though AI-generated code has improved the speed of software development and code execution in general, but it has introduced new challenges to these systems as well. The recent executive order on AI mandates adherence to the Secure Software Development Framework (SSDF), posing new challenges for developers and organizations. In response, we propose a novel approach to address compliance challenges by creating a comprehensive dataset of AI-generated code across multiple programming languages and evaluating its compliance with SSDF guidelines. Leveraging the capabilities of ChatGPT, a state-of-the-art language model, we replicate common prompts used by professionals in the tech industry to generate code, ensuring diversity and relevance in the dataset.
The integration of AI technologies into information systems has revolutionized various aspects of software development, from automation to predictive analytics. However, with this advancement comes the imperative for robust security and compliance measures. Information systems form the backbone of modern organizations, including databases, networks, and applications crucial for business operations. Ensuring the security and compliance of AI-generated code within these systems is essential to safeguarding sensitive data, maintaining regulatory compliance, and mitigating potential cybersecurity risks. By addressing compliance challenges in AI-generated content, this study will contribute to enhancing the resilience and reliability of information systems in an increasingly digitized world.
Our methodology involves the systematic generation of code snippets using ChatGPT in response to a curated set of prompts representing common tasks encountered in software development. Using the Software Development Life Cycle (SDLC) framework as well as agile development principals, we could explain how the AI-generated codes could be integrated within various workflows. To assess compliance with SSDF guidelines, we collaborate with domain experts to annotate the generated code and validate its adherence to security and software development best practices. Through this process, we aim to provide valuable insights into the intersection of AI, cybersecurity, and software development. Our findings not only contribute to a deeper understanding of compliance challenges in AI-generated content but also pave the way for more secure and robust software development practices in the era of AI.
AuthorConnect Sessions
No sessions scheduled yet