Authors: Rasmus Ingemann Tuffveson Jensen, Vali Tawosi, Salwa Alamir

Published on: March 13, 2024

Impact Score: 7.6

Arxiv code: Arxiv:2403.08429

Summary

• What is new: Using Large Language Models (LLMs) for code review focusing on flagging security vulnerabilities and validating software functionality.
• Why this is important: Code review is essential yet expensive and tedious in software development.
• What the research proposes: Utilizing zero-shot and chain-of-thought prompting with LLMs for code review tasks.
• Results: Proprietary models from OpenAI significantly outperform open-source LLMs, with 36.7% of LLM-generated security vulnerability descriptions matching true CWE vulnerabilities.

Technical Details

Technological frameworks used: Zero-shot and chain-of-thought prompting

Models used: Proprietary models from OpenAI and open-source LLMs

Data used: HumanEval, MBPP, and CWE code snippets

Potential Impact

Software development firms, cybersecurity companies, and businesses utilizing automated code review tools.

Want to implement this idea in a business?

We have generated a startup concept here: CodeGuardAI.