{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,6]],"date-time":"2026-06-06T05:14:15Z","timestamp":1780722855439,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":75,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NWO, Dutch Research Organization - Kennis- en Innovatieconvenant (KIC)","award":["KICH1.VE01.20.004"],"award-info":[{"award-number":["KICH1.VE01.20.004"]}]},{"name":"Deutsche Forschungsgemeinschaft (DFG, German Research Foundation)","award":["Germany's Excellence Strategy - EXC 2092 CASA - 390781972"],"award-info":[{"award-number":["Germany's Excellence Strategy - EXC 2092 CASA - 390781972"]}]},{"DOI":"10.13039\/501100006374","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["2247141,2312321"],"award-info":[{"award-number":["2247141,2312321"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"name":"EPSRC","award":["EP\/V011189\/1,EP\/W025361\/1"],"award-info":[{"award-number":["EP\/V011189\/1,EP\/W025361\/1"]}]},{"name":"European Union Horizon Europe program","award":["101120393"],"award-info":[{"award-number":["101120393"]}]},{"name":"VolkswagenStiftung","award":["Nieders\u00e4chsisches Vorab ? ZN3695"],"award-info":[{"award-number":["Nieders\u00e4chsisches Vorab ? ZN3695"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3690283","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"2726-2740","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":24,"title":["Using AI Assistants in Software Development: A Qualitative Study on Security Practices and Concerns"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6994-7206","authenticated-orcid":false,"given":"Jan H.","family":"Klemmer","sequence":"first","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Hanover, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4053-0706","authenticated-orcid":false,"given":"Stefan Albert","family":"Horstmann","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8055-3750","authenticated-orcid":false,"given":"Nikhil","family":"Patnaik","sequence":"additional","affiliation":[{"name":"University of Bristol, Bristol, United Kingdom"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-8447-5903","authenticated-orcid":false,"given":"Cordelia","family":"Ludden","sequence":"additional","affiliation":[{"name":"Tufts University, Medford, MA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-5596-4518","authenticated-orcid":false,"suffix":"Jr.","given":"Cordell","family":"Burton","sequence":"additional","affiliation":[{"name":"Tufts University, Medford, MA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-6643-8734","authenticated-orcid":false,"given":"Carson","family":"Powers","sequence":"additional","affiliation":[{"name":"Tufts University, Medford, MA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1091-8486","authenticated-orcid":false,"given":"Fabio","family":"Massacci","sequence":"additional","affiliation":[{"name":"Vrije Universiteit Amsterdam & University of Trento, Amsterdam, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5056-757X","authenticated-orcid":false,"given":"Akond","family":"Rahman","sequence":"additional","affiliation":[{"name":"Auburn University, Auburn, AL, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9985-250X","authenticated-orcid":false,"given":"Daniel","family":"Votipka","sequence":"additional","affiliation":[{"name":"Tufts University, Medford, MA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5261-0148","authenticated-orcid":false,"given":"Heather Richter","family":"Lipford","sequence":"additional","affiliation":[{"name":"UNC Charlotte, Charlotte, NC, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0109-1341","authenticated-orcid":false,"given":"Awais","family":"Rashid","sequence":"additional","affiliation":[{"name":"University of Bristol, Bristol, United Kingdom"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-1843-2027","authenticated-orcid":false,"given":"Alena","family":"Naiakshina","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5644-3316","authenticated-orcid":false,"given":"Sascha","family":"Fahl","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Hanover, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.25"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2017.24"},{"key":"e_1_3_2_1_3_1","volume-title":"Developers Need Support Too: A Survey of Security Advice for Software Developers. In 2017 IEEE Cybersecurity Development (SecDev)","author":"Acar Yasemin","unstructured":"Yasemin Acar, Christian Stransky, Dominik Wermke, Charles Weir, Michelle L Mazurek, and Sascha Fahl. 2017. Developers Need Support Too: A Survey of Security Advice for Software Developers. In 2017 IEEE Cybersecurity Development (SecDev). IEEE, 22--26."},{"key":"e_1_3_2_1_4_1","unstructured":"ACM Publications Board. 2021. ACM Publications Policy on Research Involving Human Participants and Subjects. https:\/\/www.acm.org\/publications\/policies\/research-involving-human-participants-and-subjects"},{"key":"e_1_3_2_1_5_1","unstructured":"Amberscript Global B.V. 2024. Amberscript. https:\/\/www.amberscript.com"},{"key":"e_1_3_2_1_6_1","volume-title":"2024 IEEE Symposium on Security and Privacy (SP). IEEE, 249--249","author":"Amft Sabrina","year":"2024","unstructured":"Sabrina Amft, Sandra H\u00f6ltervennhoff, Rebecca Panskus, Karola Marky, and Sascha Fahl. 2024. Everyone for Themselves? A Qualitative Study about Individual Security Setups of Open Source Software Contributors. In 2024 IEEE Symposium on Security and Privacy (SP). IEEE, 249--249."},{"key":"e_1_3_2_1_7_1","volume-title":"Using thematic analysis in psychology. Qualitative research in psychology","author":"Braun Virginia","year":"2006","unstructured":"Virginia Braun and Victoria Clarke. 2006. Using thematic analysis in psychology. Qualitative research in psychology, Vol. 3, 2 (2006), 77--101."},{"key":"e_1_3_2_1_8_1","unstructured":"Virginia Braun and Victoria Clarke. 2024. Got questions about TA? We have prepared some answers to some of the common ones we receive. https:\/\/www.thematicanalysis.net\/faqs\/"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1080\/14780887.2019.1670765"},{"key":"e_1_3_2_1_10_1","first-page":"3","article-title":"Generative AI Degrades Online","volume":"67","author":"Burtch Gordon","year":"2024","unstructured":"Gordon Burtch, Dokyun Lee, and Zhichen Chen. 2024. Generative AI Degrades Online Communities. Commun. ACM, Vol. 67, 3 (Feb. 2024), 40--42.","journal-title":"Communities. Commun. ACM"},{"key":"e_1_3_2_1_11_1","volume-title":"Proc. 15th Symposium on Usable Privacy and Security (SOUPS'19)","author":"Busse Karoline","year":"2019","unstructured":"Karoline Busse, Julia Sch\u00e4fer, and Matthew Smith. 2019. Replication: No One Can Hack My Mind Revisiting a Study on Expert and Non-Expert Security Practices and Advice. In Proc. 15th Symposium on Usable Privacy and Security (SOUPS'19). USENIX, 117--136."},{"key":"e_1_3_2_1_12_1","first-page":"3","article-title":"A worked example of Braun and Clarke's approach to reflexive thematic analysis","volume":"56","author":"Byrne David","year":"2021","unstructured":"David Byrne. 2021. A worked example of Braun and Clarke's approach to reflexive thematic analysis. Quality & Quantity, Vol. 56, 3 (June 2021), 1391--1412.","journal-title":"Quality & Quantity"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00065"},{"key":"e_1_3_2_1_14_1","volume-title":"AI hallucinates software packages and devs download them -- even if potentially poisoned with malware. The Register","author":"Claburn Thomas","year":"2024","unstructured":"Thomas Claburn. 2024. AI hallucinates software packages and devs download them -- even if potentially poisoned with malware. The Register (2024). https:\/\/www.theregister.com\/2024\/03\/28\/ai_bots_hallucinate_software_packages\/ Accessed: 2024-04-04."},{"key":"e_1_3_2_1_15_1","volume-title":"Thematic analysis. Qualitative psychology: A practical guide to research methods","author":"Clarke Victoria","year":"2015","unstructured":"Victoria Clarke, Virginia Braun, and Nikki Hayfield. 2015. Thematic analysis. Qualitative psychology: A practical guide to research methods, Vol. 3 (2015), 222--248."},{"key":"e_1_3_2_1_16_1","unstructured":"Copilot. 2024. About GitHub Copilot Enterprise. https:\/\/docs.github.com\/en\/copilot\/github-copilot-enterprise\/overview\/about-github-copilot-enterprise"},{"key":"e_1_3_2_1_17_1","volume-title":"Basics of qualitative research: Techniques and procedures for developing grounded theory","author":"Corbin Juliet","unstructured":"Juliet Corbin and Anselm Strauss. 2014. Basics of qualitative research: Techniques and procedures for developing grounded theory. Sage Publications."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510223"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00057"},{"key":"e_1_3_2_1_20_1","volume-title":"Focus: Google, one of AI?s biggest backers, warns own staff about chatbots","author":"Dastin Jeffrey","year":"2023","unstructured":"Jeffrey Dastin and Anna Tong. 2023. Focus: Google, one of AI?s biggest backers, warns own staff about chatbots. Reuters (2023). https:\/\/www.reuters.com\/technology\/google-one-ais-biggest-backers-warns-own-staff-about-chatbots-2023-06--15\/ Accessed: 2024-03-01."},{"key":"e_1_3_2_1_21_1","unstructured":"Randall Degges. 2024. Copilot amplifies insecure codebases by replicating vulnerabilities in your projects. Technical Report. snyk. https:\/\/snyk.io\/blog\/copilot-amplifies-insecure-codebases-by-replicating-vulnerabilities\/"},{"key":"e_1_3_2_1_22_1","unstructured":"Yangruibo Ding Yanjun Fu Omniyyah Ibrahim Chawin Sitawarin Xinyun Chen Basel Alomair David Wagner Baishakhi Ray and Yizheng Chen. 2024. Vulnerability Detection with Code Language Models: How Far Are We?arxiv: 2403.18624 [cs.SE]"},{"key":"e_1_3_2_1_23_1","unstructured":"Thomas Dohmke. 2023. The economic impact of the AI-powered developer lifecycle and lessons from GitHub Copilot. https:\/\/github.blog\/2023-06--27-the-economic-impact-of-the-ai-powered-developer-lifecycle-and-lessons-from-github-copilot\/ Accessed: 2024-03-01."},{"key":"e_1_3_2_1_24_1","unstructured":"Thomas Dohmke. 2024. GitHub Copilot Enterprise is now generally available. https:\/\/github.blog\/2024-02--27-github-copilot-enterprise-is-now-generally-available\/ Accessed: 2024-04--17."},{"key":"e_1_3_2_1_25_1","unstructured":"Thomas Dohmke Marco Iansiti and Greg Richards. 2023. Sea Change in Software Development: Economic and Productivity Analysis of the AI-Powered Developer Lifecycle. arxiv: 2306.15033 [econ.GN]"},{"key":"e_1_3_2_1_26_1","unstructured":"Oluwole Fagbohun Rachel M. Harrison and Anton Dereventsov. 2024. An Empirical Categorization of Prompting Techniques for Large Language Models: A Practitioner's Guide. arxiv: 2402.14837 [cs.CL]"},{"key":"e_1_3_2_1_27_1","volume-title":"The Impact of Copy&Paste on Android Application Security. In 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 121--136","author":"Fischer Felix","year":"2017","unstructured":"Felix Fischer, Konstantin B\u00f6ttinger, Huang Xiao, Christian Stransky, Yasemin Acar, Michael Backes, and Sascha Fahl. 2017. Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security. In 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 121--136."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484763"},{"key":"e_1_3_2_1_29_1","volume-title":"Proc. 28th Usenix Security Symposium (SEC'19)","author":"Fischer Felix","year":"2019","unstructured":"Felix Fischer, Huang Xiao, Ching-Yu Kao, Yannick Stachelscheid, Benjamin Johnson, Danial Razar, Paul Fawkesley, Nat Buckley, Konstantin B\u00f6ttinger, Paul Muntean, and Jens Grossklags. 2019. Stack Overflow Considered Helpful! Deep Learning Security Nudges Towards Stronger Cryptography. In Proc. 28th Usenix Security Symposium (SEC'19). USENIX, 339--356."},{"key":"e_1_3_2_1_30_1","unstructured":"Foundation Inc. 2024. Reddit Statistics for 2024: Eye-Opening Usage & Traffic Data. https:\/\/foundationinc.co\/lab\/reddit-statistics\/ Accessed: 2024-07--24."},{"key":"e_1_3_2_1_31_1","unstructured":"Nat Friedman. 2021. Introducing GitHub Copilot: your AI pair programmer. https:\/\/github.blog\/2021-06--29-introducing-github-copilot-ai-pair-programmer\/ Accessed: 2024-03-01."},{"key":"e_1_3_2_1_32_1","unstructured":"GitHub. 2024. GitHub Copilot \u00b7 Your AI pair programmer. https:\/\/github.com\/features\/copilot Accessed: 2024-03-01."},{"key":"e_1_3_2_1_33_1","volume-title":"Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models. https:\/\/googleprojectzero.blogspot.com\/2024\/06\/project-naptime.html","author":"Glazunov Sergei","year":"2024","unstructured":"Sergei Glazunov and Mark Brand. 2024. Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models. https:\/\/googleprojectzero.blogspot.com\/2024\/06\/project-naptime.html"},{"key":"e_1_3_2_1_34_1","volume-title":"Samsung Bans Staff's AI Use After Spotting ChatGPT Data Leak. Bloomberg","author":"Gurman Mark","year":"2023","unstructured":"Mark Gurman. 2023. Samsung Bans Staff's AI Use After Spotting ChatGPT Data Leak. Bloomberg (2023). https:\/\/www.bloomberg.com\/news\/articles\/2023-05-02\/samsung-bans-chatgpt-and-other-generative-ai-use-by-staff-after-leak Accessed: 2024-03-01."},{"key":"e_1_3_2_1_35_1","volume-title":"Hai: The AI Assistant for Vulnerability Intelligence. https:\/\/www.hackerone.com\/ai\/hai-ai-assistant-vulnerability-intelligence","year":"2024","unstructured":"HackerOne. 2024. Hai: The AI Assistant for Vulnerability Intelligence. https:\/\/www.hackerone.com\/ai\/hai-ai-assistant-vulnerability-intelligence"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"crossref","unstructured":"H. Hajipour K. Hassler T. Holz L. Schonherr and M. Fritz. 2024. CodeLMSec Benchmark: Systematically Evaluating and Finding Security Vulnerabilities in Black-Box Code Language Models. In 2024 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML). IEEE 684--709.","DOI":"10.1109\/SaTML59370.2024.00040"},{"key":"e_1_3_2_1_37_1","volume-title":"Answering the call for a standard reliability measure for coding data. Communication methods and measures","author":"Hayes Andrew F","year":"2007","unstructured":"Andrew F Hayes and Klaus Krippendorff. 2007. Answering the call for a standard reliability measure for coding data. Communication methods and measures, Vol. 1, 1 (2007), 77--89."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623175"},{"key":"e_1_3_2_1_39_1","volume-title":"Twitter and GitHub. In IEEE\/WIC\/ACM International Conference on Web Intelligence (WI '19)","author":"Horawalavithana Sameera","year":"2019","unstructured":"Sameera Horawalavithana, Abhishek Bhattacharjee, Renhao Liu, Nazim Choudhury, Lawrence O. Hall, and Adriana Iamnitchi. 2019. Mentions of Security Vulnerabilities on Reddit, Twitter and GitHub. In IEEE\/WIC\/ACM International Conference on Web Intelligence (WI '19). ACM, 200--207."},{"key":"e_1_3_2_1_40_1","volume-title":"Proc. 11th Symposium On Usable Privacy and Security (SOUPS'15)","author":"Ion Iulia","year":"2015","unstructured":"Iulia Ion, Rob Reeder, and Sunny Consolvo. 2015. textquotedblleft. ..No one Can Hack My Mindtextquotedblright: Comparing Expert and Non-Expert Security Practices. In Proc. 11th Symposium On Usable Privacy and Security (SOUPS'15). USENIX, 327--346."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/RE51729.2021.00019"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3613904.3642596"},{"key":"e_1_3_2_1_43_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Kaur Harjot","year":"2022","unstructured":"Harjot Kaur, Sabrina Amft, Daniel Votipka, Yasemin Acar, and Sascha Fahl. 2022. Where to Recruit for Security Development Studies: Comparing Six Software Developer Samples. In 31st USENIX Security Symposium (USENIX Security 22). USENIX, 4041--4058."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"crossref","unstructured":"Erin Kenneally and David Dittrich. 2012. The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research. Technical Report. U.S. Department of Homeland Security. https:\/\/www.dhs.gov\/sites\/default\/files\/publications\/CSD-MenloPrinciplesCORE-20120803_1.pdf","DOI":"10.2139\/ssrn.2445102"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623072"},{"key":"e_1_3_2_1_46_1","unstructured":"Bar Lanyado. 2024. Diving Deeper into AI Package Hallucinations. https:\/\/www.lasso.security\/blog\/ai-package-hallucinations#heads-up-hallucinated-packages-in-the-wild Accessed: 2024-04-04."},{"key":"e_1_3_2_1_47_1","volume-title":"Proc. ACM Hum.-Comput. Interact.","volume":"4","author":"Li Tianshi","year":"2021","unstructured":"Tianshi Li, Elizabeth Louie, Laura Dabbish, and Jason I. Hong. 2021. How Developers Talk About Personal Data and What It Means for User Privacy: A Case Study of a Developer Forum on Reddit. Proc. ACM Hum.-Comput. Interact., Vol. 4, CSCW3, Article 220 (Jan. 2021), 28 pages."},{"key":"e_1_3_2_1_48_1","volume-title":"Proc. 46th IEEE\/ACM International Conference on Software Engineering (ICSE '24)","author":"Liang Jenny T.","unstructured":"Jenny T. Liang, Chenyang Yang, and Brad A. Myers. 2024. A Large-Scale Survey on the Usability of AI Programming Assistants: Successes and Challenges. In Proc. 46th IEEE\/ACM International Conference on Software Engineering (ICSE '24). ACM, Article 52, 13 pages."},{"key":"e_1_3_2_1_49_1","volume-title":"Shawn Rasheed, Arghavan Moradidakhel, Amjed Tahir, and Foutse Khomh.","author":"Majdinasab Vahid","year":"2023","unstructured":"Vahid Majdinasab, Michael Joshua Bishop, Shawn Rasheed, Arghavan Moradidakhel, Amjed Tahir, and Foutse Khomh. 2023. Assessing the Security of GitHub Copilot Generated Code -- A Targeted Replication Study. arxiv: 2311.11177 [cs.SE]"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3559394"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359174"},{"key":"e_1_3_2_1_52_1","unstructured":"Meta. 2024. Meta Llama. https:\/\/llama.meta.com\/"},{"key":"e_1_3_2_1_53_1","unstructured":"Stephen Moskal Sam Laney Erik Hemberg and Una-May O'Reilly. 2023. LLMs Killed the Script Kiddie: How Agents Supported by Large Language Models Change the Landscape of Network Threat Testing. arxiv: 2310.06936 [cs.CR]"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134082"},{"key":"e_1_3_2_1_55_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Niu Liang","year":"2023","unstructured":"Liang Niu, Shujaat Mirza, Zayd Maradni, and Christina P\u00f6pper. 2023. CodexLeaks: Privacy Leaks from Code Generation Language Models in GitHub Copilot. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX, 2133--2150."},{"key":"e_1_3_2_1_56_1","unstructured":"OpenAI. 2021. OpenAI Codex. https:\/\/openai.com\/index\/openai-codex\/"},{"key":"e_1_3_2_1_57_1","unstructured":"OpenAI. 2022. Introducing ChatGPT. https:\/\/openai.com\/blog\/chatgpt Accessed: 2024-03-01."},{"key":"e_1_3_2_1_58_1","unstructured":"OpenAI. 2024. Prompt engineering. https:\/\/platform.openai.com\/docs\/guides\/prompt-engineering Accessed: 2024-04--17."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833571"},{"key":"e_1_3_2_1_60_1","unstructured":"Hammond Pearce Benjamin Tan Prashanth Krishnamurthy Farshad Khorrami Ramesh Karri and Brendan Dolan-Gavitt. 2022. Pop Quiz! Can a Large Language Model Help With Reverse Engineering?arxiv: 2202.01142 [cs.SE]"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623157"},{"key":"e_1_3_2_1_62_1","volume-title":"Proc. 29th USENIX Security Symposium (SEC'20)","author":"Redmiles Elissa M.","unstructured":"Elissa M. Redmiles, Noel Warford, Amritha Jayanti, Aravind Koneru, Sean Kross, Miraida Morales, Rock Stevens, and Michelle L. Mazurek. 2020. A Comprehensive Quality Evaluation of Security and Privacy Advice on the Web. In Proc. 29th USENIX Security Symposium (SEC'20). USENIX, 89--108."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2017.3681050"},{"key":"e_1_3_2_1_64_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Sandoval Gustavo","year":"2023","unstructured":"Gustavo Sandoval, Hammond Pearce, Teo Nys, Ramesh Karri, Siddharth Garg, and Brendan Dolan-Gavitt. 2023. Lost at C: A User Study on the Security Implications of Large Language Model Code Assistants. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX, 2205--2222."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"crossref","unstructured":"Shubhra Kanti Karmaker Santu and Dongji Feng. 2023. TELeR: A General Taxonomy of LLM Prompts for Benchmarking Complex Tasks. arxiv: 2305.11430 [cs.AI]","DOI":"10.18653\/v1\/2023.findings-emnlp.946"},{"key":"e_1_3_2_1_66_1","unstructured":"Minghao Shao Boyuan Chen Sofija Jancheska Brendan Dolan-Gavitt Siddharth Garg Ramesh Karri and Muhammad Shafique. 2024. An Empirical Evaluation of LLMs for Solving Offensive Security Challenges. (2024). arxiv: 2402.11814 [cs.CR]"},{"key":"e_1_3_2_1_67_1","volume-title":"Meet Udeshi, Brendan Dolan-Gavitt, Haoran Xi, Kimberly Milner, Boyuan Chen, Max Yin, Siddharth Garg, Prashanth Krishnamurthy, Farshad Khorrami, Ramesh Karri, and Muhammad Shafique.","author":"Shao Minghao","year":"2024","unstructured":"Minghao Shao, Sofija Jancheska, Meet Udeshi, Brendan Dolan-Gavitt, Haoran Xi, Kimberly Milner, Boyuan Chen, Max Yin, Siddharth Garg, Prashanth Krishnamurthy, Farshad Khorrami, Ramesh Karri, and Muhammad Shafique. 2024. NYU CTF Dataset: A Scalable Open-Source Benchmark Dataset for Evaluating LLMs in Offensive Security. (2024). arxiv: 2406.05590 [cs.CR]"},{"key":"e_1_3_2_1_68_1","unstructured":"snyk. 2023. AI Code Security and Trust: Organizations Must Change Their Approach. Technical Report. snyk. https:\/\/snyk.io\/reports\/ai-code-security\/"},{"key":"e_1_3_2_1_69_1","volume-title":"Stack Overflow Developer Survey","author":"Overflow Stack","year":"2023","unstructured":"Stack Overflow. 2023. Stack Overflow Developer Survey 2023. https:\/\/survey.stackoverflow.co\/2023\/ Accessed: 2024-03-01."},{"key":"e_1_3_2_1_70_1","volume-title":"Choon Meng Seah, and Ee-Chien Chang.","author":"Tann Wesley","year":"2023","unstructured":"Wesley Tann, Yuancheng Liu, Jun Heng Sim, Choon Meng Seah, and Ee-Chien Chang. 2023. Using Large Language Models for Cybersecurity Capture-The-Flag Challenges and Certification Questions. arxiv: 2308.10443 [cs.AI]"},{"key":"e_1_3_2_1_71_1","volume-title":"Apple becomes the latest company to ban ChatGPT for internal use. The Register","author":"Vigliarolo Brandon","year":"2023","unstructured":"Brandon Vigliarolo. 2023. Apple becomes the latest company to ban ChatGPT for internal use. The Register (2023). https:\/\/www.theregister.com\/2023\/05\/19\/apple_chatgpt\/ Accessed: 2024-03-01."},{"key":"e_1_3_2_1_72_1","volume-title":"Proc. 2020 CHI Conference on Human Factors in Computing Systems (CHI '20)","author":"Votipka Daniel","unstructured":"Daniel Votipka, Desiree Abrokwa, and Michelle L. Mazurek. 2020. Building and Validating a Scale for Secure Software Development Self-Efficacy. In Proc. 2020 CHI Conference on Human Factors in Computing Systems (CHI '20). ACM, 1--20."},{"key":"e_1_3_2_1_73_1","volume-title":"Tiffany Bao, Ning Zhang, Ruoyu \"Fish\" Wang, and Chaowei Xiao.","author":"Wu Fangzhou","year":"2023","unstructured":"Fangzhou Wu, Qingzhao Zhang, Ati Priya Bajaj, Tiffany Bao, Ning Zhang, Ruoyu \"Fish\" Wang, and Chaowei Xiao. 2023. Exploring the Limits of ChatGPT in Software Security Applications. arxiv: 2312.05275 [cs.CR]"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11390-016-1672-0"},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/3613904.3642385"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690283","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3690283","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:16:27Z","timestamp":1755843387000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690283"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":75,"alternative-id":["10.1145\/3658644.3690283","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3690283","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}