Overview
In this part, we look into software security in the context of large language models for software engineering. The chapters and their contents are as follows.
- Threats and Risks discusses the notion of threats and the importance of threat modeling in identifying potential threats to a system.
- Common Weaknesses in Code introduces the Common Weakness Enumeration (CWE) and the OWASP Top Ten list, which are resources for identifying common weaknesses in code.
- Vulnerabilities and Code Generation discusses how large language models can produce vulnerable code.
- Detecting Vulnerabilities with Large Language Models highlights that large language models can be used (to some extent) to detect vulnerabilities in code.
- Finally, Fixing Vulnerabilities with Large Language Models points out that large language models can be used to fix code vulnerabilities.