English
Related papers

Related papers: Can Developers rely on LLMs for Secure IaC Develop…

200 papers

Test smells indicate poor development practices in test code, reducing maintainability and reliability. While developers often struggle to prevent or refactor these issues, existing tools focus primarily on detection rather than automated…

Infrastructure as Code (IaC) is the process of managing IT infrastructure via programmable configuration files (also called IaC scripts). Like other software artifacts, IaC scripts may contain security smells, which are coding patterns that…

Cryptography and Security · Computer Science 2022-09-08 Nuno Saavedra , João F. Ferreira

Infrastructure as Code (IaC) has become essential for modern software management, yet security flaws in IaC scripts can have severe consequences, as exemplified by the recurring exploits of Cloud Web Services. Prior work has recognized the…

Cryptography and Security · Computer Science 2025-09-24 Aicha War , Serge L. B. Nikiema , Jordan Samhi , Jacques Klein , Tegawende F. Bissyande

Test smells are coding issues that typically arise from inadequate practices, a lack of knowledge about effective testing, or deadline pressures to complete projects. The presence of test smells can negatively impact the maintainability and…

Software Engineering · Computer Science 2024-07-31 Keila Lucas , Rohit Gheyi , Elvys Soares , Márcio Ribeiro , Ivan Machado

Context: Security smells are recurring coding patterns that are indicative of security weakness, and require further inspection. As infrastructure as code (IaC) scripts, such as Ansible and Chef scripts, are used to provision cloud-based…

Cryptography and Security · Computer Science 2020-06-23 Akond Rahman , Md. Rayhanur Rahman , Chris Parnin , Laurie Williams

Context: Large Language Models (LLMs) are increasingly being used to generate program code. Much research has been reported on the functional correctness of generated code, but there is far less on code quality. Objectives: In this study,…

Software Engineering · Computer Science 2025-10-06 Debalina Ghosh Paul , Hong Zhu , Ian Bayley

Infrastructure as Code (IaC) enables automated provisioning of large-scale cloud and on-premise environments, reducing the need for repetitive manual setup. However, this automation is a double-edged sword: a single misconfiguration in IaC…

Cryptography and Security · Computer Science 2026-01-22 Qiyue Mei , Michael Fu

Code smells are symptoms of potential code quality problems that may affect software maintainability, thus increasing development costs and impacting software reliability. Large language models (LLMs) have shown remarkable capabilities for…

Software Engineering · Computer Science 2026-01-16 Saymon Souza , Amanda Santana , Eduardo Figueiredo , Igor Muzetti , João Eduardo Montandon , Lionel Briand

This paper presents GLITCH, a new technology-agnostic framework that enables automated polyglot code smell detection for Infrastructure as Code scripts. GLITCH uses an intermediate representation on which different code smell detectors can…

Cryptography and Security · Computer Science 2023-08-21 Nuno Saavedra , João Gonçalves , Miguel Henriques , João F. Ferreira , Alexandra Mendes

Prompt engineering reduces reasoning mistakes in Large Language Models (LLMs). However, its effectiveness in mitigating vulnerabilities in LLM-generated code remains underexplored. To address this gap, we implemented a benchmark to…

Software Engineering · Computer Science 2025-02-11 Marc Bruni , Fabio Gabrielli , Mohammad Ghafari , Martin Kropp

Infrastructure as Code (IaC) automates the provisioning and management of IT infrastructure through scripts and tools, streamlining software deployment. Prior studies have shown that IaC scripts often contain recurring security…

Cryptography and Security · Computer Science 2025-09-24 Aicha War , Adnan A. Rawass , Abdoul K. Kabore , Jordan Samhi , Jacques Klein , Tegawende F. Bissyande

Large Language Models (LLMs) have been a promising way for automated vulnerability detection. However, most prior studies have explored the use of LLMs to detect vulnerabilities only within single functions, disregarding those related to…

Software Engineering · Computer Science 2026-04-10 Kevin Lira , Baldoino Fonseca , Davy Baía , Márcio Ribeiro , Wesley K. G. Assunção

This study compares state-of-the-art Large Language Models (LLMs) on their tendency to generate vulnerabilities when writing C programs using a neutral zero-shot prompt. Tihanyi et al. introduced the FormAI dataset at PROMISE'23, featuring…

Cryptography and Security · Computer Science 2024-12-12 Norbert Tihanyi , Tamas Bisztray , Mohamed Amine Ferrag , Ridhi Jain , Lucas C. Cordeiro

Practitioners use Infrastructure as Code (IaC) scripts to efficiently configure IT infrastructures through machine-readable definition files. However, during the development of these scripts, some code patterns or deployment choices may…

Software Engineering · Computer Science 2025-01-22 Seif Kosbar , Mohammad Hamdaqa

While several studies have examined the security of code generated by GPT and other Large Language Models (LLMs), most have relied on controlled experiments rather than real developer interactions. This paper investigates the security of…

Software Engineering · Computer Science 2026-02-19 Vladislav Belozerov , Peter J Barclay , Ashkan Sami

The emergence of vibe coding, a paradigm where non-technical users instruct Large Language Models (LLMs) to generate executable codes via natural language, presents both significant opportunities and severe risks for the construction…

Software Engineering · Computer Science 2026-04-28 S M Jamil Uddin

Test smells reduce test suite reliability and complicate maintenance. While many methods detect test smells, few support automated removal, and most rely on static analysis or machine learning. This study evaluates models with relatively…

Software Engineering · Computer Science 2025-11-20 Rian Melo , Pedro Simões , Rohit Gheyi , Marcelo d'Amorim , Márcio Ribeiro , Gustavo Soares , Eduardo Almeida , Elvys Soares

Context: Code reviews are crucial for software quality. Recent AI advances have allowed large language models (LLMs) to review and fix code; now, there are tools that perform these reviews. However, their reliability and accuracy have not…

Software Engineering · Computer Science 2025-05-27 Umut Cihan , Arda İçöz , Vahid Haratian , Eray Tüzün

While automated vulnerability detection techniques have made promising progress in detecting security vulnerabilities, their scalability and applicability remain challenging. The remarkable performance of Large Language Models (LLMs), such…

Cryptography and Security · Computer Science 2024-10-24 Avishree Khare , Saikat Dutta , Ziyang Li , Alaia Solko-Breslin , Rajeev Alur , Mayur Naik

In recent years, Infrastructure as Code (IaC) has emerged as a critical approach for managing and provisioning IT infrastructure through code and automation. IaC enables organizations to create scalable and consistent environments,…

Cryptography and Security · Computer Science 2025-11-18 Yikun Li , Matteo Grella , Daniel Nahmias , Gal Engelberg , Dan Klein , Giancarlo Guizzardi , Thijs van Ede , Andrea Continella
‹ Prev 1 2 3 10 Next ›