CRAI Feb 1, 2024

Ocassionally Secure: A Comparative Analysis of Code Generation Assistants

arXiv:2402.00689v2

h-index: 6
AI Analysis

This paper addresses the need for safe deployment of LLMs in code generation for developers, but it is incremental: it builds on prior work by focusing on contextual factors.

The paper tackled the problem of identifying conditions for secure and effective code generation by LLMs in real-world scenarios, finding through a comparative analysis of four models across 9 tasks that they produce varying levels of functionality, security, performance, complexity, and reliability in 61 code outputs.

Large Language Models (LLMs) are being increasingly utilized in various applications, with code generation being a notable example. While previous research has shown that LLMs have the capability to generate both secure and insecure code, the literature does not take into account what factors help generate secure and effective code. Therefore, in this paper we focus on identifying and understanding the conditions and contexts in which LLMs can be effectively and safely deployed in real-world scenarios to generate quality code. We conducted a comparative analysis of four advanced LLMs--GPT-3.5 and GPT-4 using ChatGPT and Bard and Gemini from Google--using 9 separate tasks to assess each model's code generation capabilities. We contextualized our study to represent the typical use cases of a real-life developer employing LLMs for everyday tasks at work. Additionally, we place an emphasis on security awareness, which is represented through the use of two distinct versions of our developer persona. In total, we collected 61 code outputs and analyzed them across several aspects: functionality, security, performance, complexity, and reliability. These insights are crucial for understanding the models' capabilities and limitations, guiding future development and practical applications in the field of automated code generation.
