Leveraging on LLM to Improve Secure Code Review Process
Secure Code Review (SCR) has been a long-standing practice of secure software development. While there are tools to assist the process, there is still a need for manual supervision which requires technical depth. However, in recent years, Large Language Models (LLM) have demonstrated abilities to understand the semantics of programming languages and perform complex tasks such as writing programs autonomously.
In this work, LLM was adopted to perform the review of the output produced by SCR tools in attempt to reduce the technical debt of conducting such niche assessment. It was conclusively shown how LLM can be used to reduce the barrier of entry towards SCR process.
History
Degree Type
- Master's Thesis
Thesis Department
- Heinz College of Information Systems and Public Policy
Degree Name
- Master of Science in Information Security Policy and Management (MSISPM)