Can LLMs Patch Security Issues?
This addresses the need for safe code generation in safety-critical applications, though it is incremental as it builds on existing feedback mechanisms.
The paper tackles the problem of LLMs generating code with security vulnerabilities by proposing Feedback-Driven Security Patching (FDSP), which uses static code analysis to guide LLMs in refining vulnerable code, resulting in a 17.6% improvement over prior self-feedback methods.
Large Language Models (LLMs) have shown impressive proficiency in code generation. Unfortunately, these models share a weakness with their human counterparts: producing code that inadvertently has security vulnerabilities. These vulnerabilities could allow unauthorized attackers to access sensitive data or systems, which is unacceptable for safety-critical applications. In this work, we propose Feedback-Driven Security Patching (FDSP), where LLMs automatically refine generated, vulnerable code. Our approach leverages automatic static code analysis to empower the LLM to generate and implement potential solutions to address vulnerabilities. We address the research community's needs for safe code generation by introducing a large-scale dataset, PythonSecurityEval, covering the diversity of real-world applications, including databases, websites and operating systems. We empirically validate that FDSP outperforms prior work that uses self-feedback from LLMs by up to 17.6% through our procedure that injects targeted, external feedback. Code and data are available at https://github.com/Kamel773/LLM-code-refine.
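An added illustration of the analyze-feedback-regenerate loop the abstract describes; it is not code from the paper or its repository. A small AST check stands in for the static analyzer, a constructed sequence of candidate outputs stands in for the model's successive refinements, and every function and sample here is the example's own assumption.

```python
import ast

# Constructed samples standing in for successive model outputs (not from the paper).
VULNERABLE = '''def get_user(cursor, name):
    cursor.execute(f"SELECT * FROM users WHERE name = '{name}'")
    return cursor.fetchone()
'''
STILL_BAD = '''def get_user(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = '{}'".format(name))
    return cursor.fetchone()
'''
FIXED = '''def get_user(cursor, name):
    cursor.execute("SELECT * FROM users WHERE name = ?", (name,))
    return cursor.fetchone()
'''

def find_sql_string_formatting(source):
    """Stand-in for the static analyzer: flag cursor.execute(...) whose query argument
    is assembled with an f-string, %, + or .format(). It inspects only the call
    argument itself, so a query assembled earlier into a variable is missed."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "execute" and node.args):
            continue
        arg = node.args[0]
        if (isinstance(arg, ast.JoinedStr)
                or (isinstance(arg, ast.BinOp) and isinstance(arg.op, (ast.Mod, ast.Add)))
                or (isinstance(arg, ast.Call) and isinstance(arg.func, ast.Attribute)
                    and arg.func.attr == "format")):
            findings.append(f"line {node.lineno}: query built by string formatting; "
                            "pass values as query parameters instead")
    return findings

def build_feedback(findings):
    """Targeted external feedback that would be appended to the next prompt."""
    return "Static analysis reported:\n" + "\n".join(findings) + "\nRevise the code to fix these issues."

def refine_until_clean(initial, candidates, max_rounds=3):
    """Loop: analyze, send feedback, take the next candidate. `candidates` replaces the
    LLM with a fixed list of outputs. Returns (code, rounds_used, clean, feedback_log)."""
    code, log = initial, []
    for rounds in range(max_rounds + 1):
        findings = find_sql_string_formatting(code)
        if not findings:
            return code, rounds, True, log
        if rounds == max_rounds or rounds >= len(candidates):
            return code, rounds, False, log
        log.append(build_feedback(findings))  # feedback the model sees next round
        code = candidates[rounds]
```

Only a candidate that passes the analyzer is accepted, so a refinement that merely swaps one formatting style for another (STILL_BAD) is rejected and the loop continues.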