{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T18:44:12Z","timestamp":1770230652777,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":84,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,10,27]],"date-time":"2024-10-27T00:00:00Z","timestamp":1729987200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,10,27]]},"DOI":"10.1145\/3691621.3694934","type":"proceedings-article","created":{"date-parts":[[2024,10,22]],"date-time":"2024-10-22T12:18:59Z","timestamp":1729599539000},"page":"54-65","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["SALLM: Security Assessment of Generated Code"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7984-3611","authenticated-orcid":false,"given":"Mohammed Latif","family":"Siddiq","sequence":"first","affiliation":[{"name":"University of Notre Dame, Notre Dame, Indiana, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8743-2516","authenticated-orcid":false,"given":"Joanna Cecilia","family":"da Silva Santos","sequence":"additional","affiliation":[{"name":"University of Notre Dame, Notre Dame, Indiana, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-9616-0393","authenticated-orcid":false,"given":"Sajith","family":"Devareddy","sequence":"additional","affiliation":[{"name":"University of Notre Dame, Notre Dame, Indiana, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-2421-7622","authenticated-orcid":false,"given":"Anna","family":"Muller","sequence":"additional","affiliation":[{"name":"University of Notre Dame, Notre Dame, Indiana, USA"}]}],"member":"320","published-online":{"date-parts":[[2024,10,27]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Stack Overflow Developer Survey","year":"2021","unstructured":"2022. Stack Overflow Developer Survey 2021. https:\/\/insights.stackoverflow.com\/survey\/2021 [Online; accessed 28. Aug. 2022]."},{"key":"e_1_3_2_1_2_1","first-page":"2023","article-title":"Chat completions","volume":"25","year":"2023","unstructured":"2023. Chat completions. Accessed Mar 25, 2023. https:\/\/platform.openai.com\/docs\/guides\/chat","journal-title":"Accessed Mar"},{"key":"e_1_3_2_1_3_1","volume-title":"bigcode\/starcoder \u00b7 Hugging Face. https:\/\/huggingface.co\/bigcode\/starcoder#intended-use [Online","year":"2024","unstructured":"2024. bigcode\/starcoder \u00b7 Hugging Face. https:\/\/huggingface.co\/bigcode\/starcoder#intended-use [Online; accessed 10. Aug. 2024]."},{"key":"e_1_3_2_1_4_1","volume-title":"CWE - CVE \u2192 CWE Mapping \"Root Cause Mapping\" Guidance. https:\/\/cwe.mitre.org\/documents\/cwe_usage\/guidance.html [Online","year":"2024","unstructured":"2024. CWE - CVE \u2192 CWE Mapping \"Root Cause Mapping\" Guidance. https:\/\/cwe.mitre.org\/documents\/cwe_usage\/guidance.html [Online; accessed 10. Aug. 2024]."},{"key":"e_1_3_2_1_5_1","volume-title":"unittest --- Unit testing framework. https:\/\/docs.python.org\/3\/library\/unittest.html [Online","year":"2024","unstructured":"2024. unittest --- Unit testing framework. https:\/\/docs.python.org\/3\/library\/unittest.html [Online; accessed 10. Aug. 2024]."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3212695"},{"key":"e_1_3_2_1_7_1","volume-title":"Multi-lingual Evaluation of Code Generation Models. In The Eleventh International Conference on Learning Representations (ICLR). https:\/\/openreview.net\/forum?id=Bo7eeXm6An8","author":"Athiwaratkun Ben","year":"2023","unstructured":"Ben Athiwaratkun, Sanjay Krishna Gouda, Zijian Wang, Xiaopeng Li, Yuchen Tian, Ming Tan, Wasi Uddin Ahmad, Shiqi Wang, Qing Sun, Mingyue Shang, et al. 2023. Multi-lingual Evaluation of Code Generation Models. In The Eleventh International Conference on Learning Representations (ICLR). https:\/\/openreview.net\/forum?id=Bo7eeXm6An8"},{"key":"e_1_3_2_1_8_1","volume-title":"Program synthesis with large language models. arXiv preprint arXiv:2108.07732","author":"Austin Jacob","year":"2021","unstructured":"Jacob Austin, Augustus Odena, Maxwell Nye, Maarten Bosma, Henryk Michalewski, David Dohan, Ellen Jiang, Carrie Cai, Michael Terry, Quoc Le, and Charles Sutton. 2021. Program synthesis with large language models. arXiv preprint arXiv:2108.07732 (2021)."},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the acl workshop on intrinsic and extrinsic evaluation measures for machine translation and\/or summarization. 65--72","author":"Banerjee Satanjeev","year":"2005","unstructured":"Satanjeev Banerjee and Alon Lavie. 2005. METEOR: An automatic metric for MT evaluation with improved correlation with human judgments. In Proceedings of the acl workshop on intrinsic and extrinsic evaluation measures for machine translation and\/or summarization. 65--72."},{"key":"e_1_3_2_1_10_1","unstructured":"Manish Bhatt Sahana Chennabasappa Cyrus Nikolaidis Shengye Wan Ivan Evtimov Dominik Gabi Daniel Song Faizan Ahmad Cornelius Aschermann Lorenzo Fontana et al. 2023. Purple llama cyberseceval: A secure coding benchmark for language models. arXiv preprint arXiv:2312.04724 (2023)."},{"key":"e_1_3_2_1_11_1","unstructured":"Tom Brown Benjamin Mann Nick Ryder Melanie Subbiah Jared D Kaplan Prafulla Dhariwal Arvind Neelakantan Pranav Shyam Girish Sastry Amanda Askell et al. 2020. Language Models are Few-Shot Learners. arXiv:2005.14165 [cs.CL]"},{"key":"e_1_3_2_1_12_1","volume-title":"Training and evaluating a jupyter notebook data science assistant. arXiv preprint arXiv:2201.12901","author":"Chandel Shubham","year":"2022","unstructured":"Shubham Chandel, Colin B Clement, Guillermo Serrato, and Neel Sundaresan. 2022. Training and evaluating a jupyter notebook data science assistant. arXiv preprint arXiv:2201.12901 (2022)."},{"key":"e_1_3_2_1_13_1","volume-title":"Henrique Ponde de Oliveira Pinto, et al","author":"Chen Mark","year":"2021","unstructured":"Mark Chen, Jerry Tworek, Heewoo Jun, Qiming Yuan, Henrique Ponde de Oliveira Pinto, et al. 2021. Evaluating large language models trained on code. arXiv preprint arXiv:2107.03374 (2021)."},{"key":"e_1_3_2_1_14_1","volume-title":"Henrique Ponde de Oliveira Pinto, et al","author":"Chen Mark","year":"2021","unstructured":"Mark Chen, Jerry Tworek, Heewoo Jun, Qiming Yuan, Henrique Ponde de Oliveira Pinto, et al. 2021. Evaluating Large Language Models Trained on Code. arXiv:2107.03374 [cs.LG]"},{"key":"e_1_3_2_1_15_1","volume-title":"CWE-328: Use of Weak Hash. https:\/\/cwe.mitre.org\/data\/definitions\/328.html [Online","author":"The MITRE Corporation","year":"2023","unstructured":"The MITRE Corporation. 2023. CWE-328: Use of Weak Hash. https:\/\/cwe.mitre.org\/data\/definitions\/328.html [Online; accessed 30. May. 2023]."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/N19-1423"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2023.aclindustry.34"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2020.findings-emnlp.139"},{"key":"e_1_3_2_1_19_1","volume-title":"The Pile: An 800GB Dataset of Diverse Text for Language Modeling. arXiv:2101.00027 [cs.CL]","author":"Gao Leo","year":"2020","unstructured":"Leo Gao, Stella Biderman, Sid Black, Laurence Golding, Travis Hoppe, Charles Foster, Jason Phang, Horace He, Anish Thite, Noa Nabeshima, Shawn Presser, and Connor Leahy. 2020. The Pile: An 800GB Dataset of Diverse Text for Language Modeling. arXiv:2101.00027 [cs.CL]"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3524610.3527907"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/SCAM.2017.24"},{"key":"e_1_3_2_1_22_1","volume-title":"Proc. of the 1st Intl. Joint Conf. on Artificial Intelligence","author":"Green Cordell","year":"1969","unstructured":"Cordell Green. 1969. Application of Theorem Proving to Problem Solving. In Proc. of the 1st Intl. Joint Conf. on Artificial Intelligence (Washington, DC) (IJCAI'69). Morgan Kaufmann Publishers Inc., San Francisco, CA, USA, 219--239."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"crossref","unstructured":"Sumit Gulwani Oleksandr Polozov Rishabh Singh et al. 2017. Program synthesis. Foundations and Trends\u00ae in Programming Languages 4 1--2 (2017) 1--119.","DOI":"10.1561\/2500000010"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","unstructured":"Hossein Hajipour Keno Hassler Thorsten Holz Lea Sch\u00f6nherr and Mario Fritz. 2024. CodeLMSec Benchmark: Systematically Evaluating and Finding Security Vulnerabilities in Black-Box Code Language Models. In 2024 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML). 684--709. 10.1109\/SaTML59370.2024.00040","DOI":"10.1109\/SaTML59370.2024.00040"},{"key":"e_1_3_2_1_25_1","volume-title":"Systematically Finding Security Vulnerabilities in Black-Box Code Generation Models. arXiv preprint arXiv:2302.04012","author":"Hajipour Hossein","year":"2023","unstructured":"Hossein Hajipour, Thorsten Holz, Lea Sch\u00f6nherr, and Mario Fritz. 2023. Systematically Finding Security Vulnerabilities in Black-Box Code Generation Models. arXiv preprint arXiv:2302.04012 (2023)."},{"key":"e_1_3_2_1_26_1","volume-title":"Measuring Coding Challenge Competence With APPS. NeurIPS","author":"Hendrycks Dan","year":"2021","unstructured":"Dan Hendrycks, Steven Basart, Saurav Kadavath, Mantas Mazeika, Akul Arora, Ethan Guo, Collin Burns, Samir Puranik, Horace He, Dawn Song, and Jacob Steinhardt. 2021. Measuring Coding Challenge Competence With APPS. NeurIPS (2021)."},{"key":"e_1_3_2_1_27_1","unstructured":"Google Inc. 2022. BigQuery public datasets. https:\/\/cloud.google.com\/bigquery\/public-data"},{"key":"e_1_3_2_1_28_1","volume-title":"Your AI pair programmer. https:\/\/copilot.github.com [Online","author":"GitHub Inc. 2022. GitHub Copilot","year":"2022","unstructured":"GitHub Inc. 2022. GitHub Copilot : Your AI pair programmer. https:\/\/copilot.github.com [Online; accessed 10. Oct. 2022]."},{"key":"e_1_3_2_1_29_1","volume-title":"Use of a broken or weak cryptographic hashing algorithm on sensitive data. https:\/\/codeql.github.com\/codeql-query-help\/python\/py-weak-sensitive-data-hashing\/ [Online","author":"GitHub Inc. 2022.","year":"2022","unstructured":"GitHub Inc. 2022. Use of a broken or weak cryptographic hashing algorithm on sensitive data. https:\/\/codeql.github.com\/codeql-query-help\/python\/py-weak-sensitive-data-hashing\/ [Online; accessed 30. Oct. 2022]."},{"key":"e_1_3_2_1_30_1","volume-title":"Mapping language to code in programmatic context. arXiv preprint arXiv:1808.09588","author":"Iyer Srinivasan","year":"2018","unstructured":"Srinivasan Iyer, Ioannis Konstas, Alvin Cheung, and Luke Zettlemoyer. 2018. Mapping language to code in programmatic context. arXiv preprint arXiv:1808.09588 (2018)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510172"},{"key":"e_1_3_2_1_32_1","volume-title":"IEEE Transactions on Information Forensics and Security","author":"Kande Rahul","year":"2024","unstructured":"Rahul Kande, Hammond Pearce, Benjamin Tan, Brendan Dolan-Gavitt, Shailja Thakur, Ramesh Karri, and Jeyavijayan Rajendran. 2024. (Security) Assertions by Large Language Models. IEEE Transactions on Information Forensics and Security (2024)."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00026"},{"key":"e_1_3_2_1_34_1","volume-title":"Jia Li, Chenghao Mou, Carlos Mu\u00f1oz Ferrandis, Yacine Jernite, Margaret Mitchell, Sean Hughes, Thomas Wolf, Dzmitry Bahdanau, Leandro von Werra, and Harm de Vries.","author":"Kocetkov Denis","year":"2022","unstructured":"Denis Kocetkov, Raymond Li, Loubna Ben Allal, Jia Li, Chenghao Mou, Carlos Mu\u00f1oz Ferrandis, Yacine Jernite, Margaret Mitchell, Sean Hughes, Thomas Wolf, Dzmitry Bahdanau, Leandro von Werra, and Harm de Vries. 2022. The Stack: 3 TB of permissively licensed source code. Preprint (2022)."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3664646.3664772"},{"key":"e_1_3_2_1_36_1","volume-title":"Garnett (Eds.)","volume":"32","author":"Kulal Sumith","year":"2019","unstructured":"Sumith Kulal, Panupong Pasupat, Kartik Chandra, Mina Lee, Oded Padon, Alex Aiken, and Percy S Liang. 2019. SPoC: Search-based Pseudocode to Code. In Advances in Neural Information Processing Systems, H. Wallach, H. Larochelle, A. Beygelzimer, F. d'Alch\u00e9-Buc, E. Fox, and R. Garnett (Eds.), Vol. 32. Curran Associates, Inc."},{"key":"e_1_3_2_1_37_1","volume-title":"Daniel Fried, Sida Wang, and Tao Yu.","author":"Lai Yuhang","year":"2022","unstructured":"Yuhang Lai, Chengxi Li, Yiming Wang, Tianyi Zhang, Ruiqi Zhong, Luke Zettlemoyer, Scott Wen-tau Yih, Daniel Fried, Sida Wang, and Tao Yu. 2022. DS-1000: A Natural and Reliable Benchmark for Data Science Code Generation. arXiv preprint arXiv:2211.11501 (2022)."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3383458"},{"key":"e_1_3_2_1_39_1","volume-title":"Yangtian Zi, Niklas Muennighoff, Denis Kocetkov, Chenghao Mou, Marc Marone, Christopher Akiki, Jia Li, Jenny Chim, et al.","author":"Li Raymond","year":"2023","unstructured":"Raymond Li, Loubna Ben Allal, Yangtian Zi, Niklas Muennighoff, Denis Kocetkov, Chenghao Mou, Marc Marone, Christopher Akiki, Jia Li, Jenny Chim, et al. 2023. StarCoder: may the source be with you! arXiv preprint arXiv:2305.06161 (2023)."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","unstructured":"Yujia Li David Choi Junyoung Chung Nate Kushman Julian Schrittwieser R\u00e9 mi Leblond Tom Eccles James Keeling Felix Gimeno Agustin Dal Lago Thomas Hubert Peter Choy Cyprien de Masson d'Autume Igor Babuschkin Xinyun Chen Po-Sen Huang Johannes Welbl Sven Gowal Alexey Cherepanov James Molloy Daniel J. Mankowitz Esme Sutherland Robson Pushmeet Kohli Nando de Freitas Koray Kavukcuoglu and Oriol Vinyals. 2022. Competition-Level Code Generation with AlphaCode. 10.48550\/ARXIV.2203.07814","DOI":"10.48550\/ARXIV.2203.07814"},{"key":"e_1_3_2_1_41_1","volume-title":"Rouge: A package for automatic evaluation of summaries. In Text summarization branches out. 74--81.","author":"Lin Chin-Yew","year":"2004","unstructured":"Chin-Yew Lin. 2004. Rouge: A package for automatic evaluation of summaries. In Text summarization branches out. 74--81."},{"key":"e_1_3_2_1_42_1","volume-title":"USENIX security symposium","author":"Benjamin Livshits V","unstructured":"V Benjamin Livshits and Monica S Lam. 2005. Finding Security Vulnerabilities in Java Applications with Static Analysis.. In USENIX security symposium, Vol. 14. 18--18."},{"key":"e_1_3_2_1_43_1","volume-title":"Shengyu Fu, and Shujie Liu.","author":"Lu Shuai","year":"2021","unstructured":"Shuai Lu, Daya Guo, Shuo Ren, Junjie Huang, Alexey Svyatkovskiy, Ambrosio Blanco, Colin B. Clement, Dawn Drain, Daxin Jiang, Duyu Tang, Ge Li, Lidong Zhou, Linjun Shou, Long Zhou, Michele Tufano, Ming Gong, Ming Zhou, Nan Duan, Neel Sundaresan, Shao Kun Deng, Shengyu Fu, and Shujie Liu. 2021. CodeXGLUE: A Machine Learning Benchmark Dataset for Code Understanding and Generation. CoRR abs\/2102.04664 (2021)."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/362566.362568"},{"key":"e_1_3_2_1_45_1","volume-title":"Common Weakness Enumeration. https:\/\/cwe.mitre.org\/ [Online","author":"The MITRE Corporation (MITRE). 2022.","year":"2022","unstructured":"The MITRE Corporation (MITRE). 2022. Common Weakness Enumeration. https:\/\/cwe.mitre.org\/ [Online; accessed 18. Aug. 2022]."},{"key":"e_1_3_2_1_46_1","volume-title":"2023 CWE Top 25 Most Dangerous Software Weaknesses. https:\/\/cwe.mitre.org\/data\/definitions\/1425.html [Online","author":"The MITRE Corporation (MITRE). 2023.","year":"2023","unstructured":"The MITRE Corporation (MITRE). 2023. 2023 CWE Top 25 Most Dangerous Software Weaknesses. https:\/\/cwe.mitre.org\/data\/definitions\/1425.html [Online; accessed 18. Oct. 2023]."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2023.111734"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3524842.3528470"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2024.112059"},{"key":"e_1_3_2_1_50_1","volume-title":"CodeGen2: Lessons for Training LLMs on Programming and Natural Languages. ICLR","author":"Nijkamp Erik","year":"2023","unstructured":"Erik Nijkamp, Hiroaki Hayashi, Caiming Xiong, Silvio Savarese, and Yingbo Zhou. 2023. CodeGen2: Lessons for Training LLMs on Programming and Natural Languages. ICLR (2023)."},{"key":"e_1_3_2_1_51_1","volume-title":"A Conversational Paradigm for Program Synthesis. arXiv preprint","author":"Nijkamp Erik","year":"2022","unstructured":"Erik Nijkamp, Bo Pang, Hiroaki Hayashi, Lifu Tu, Huan Wang, Yingbo Zhou, Silvio Savarese, and Caiming Xiong. 2022. A Conversational Paradigm for Program Synthesis. arXiv preprint (2022)."},{"key":"e_1_3_2_1_52_1","volume-title":"Ellen Jiang, Henryk Michalewski, Jacob Austin, Maarten Paul Bosma, Maxwell Nye, Michael Terry, and Quoc V. Le.","author":"Odena Augustus","year":"2021","unstructured":"Augustus Odena, Charles Sutton, David Martin Dohan, Ellen Jiang, Henryk Michalewski, Jacob Austin, Maarten Paul Bosma, Maxwell Nye, Michael Terry, and Quoc V. Le. 2021. Program Synthesis with Large Language Models. In n\/a. n\/a, n\/a. n\/a."},{"key":"e_1_3_2_1_54_1","unstructured":"paperswithcode. 2024. Code Generation on HumanEval. https:\/\/paperswithcode.com\/sota\/code-generation-on-humaneval."},{"key":"e_1_3_2_1_55_1","volume-title":"Proceedings of the 40th annual meeting of the Association for Computational Linguistics. 311--318","author":"Papineni Kishore","year":"2002","unstructured":"Kishore Papineni, Salim Roukos, Todd Ward, and Wei-Jing Zhu. 2002. BLEU: a method for automatic evaluation of machine translation. In Proceedings of the 40th annual meeting of the Association for Computational Linguistics. 311--318."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833571"},{"key":"e_1_3_2_1_57_1","volume-title":"Do Users Write More Insecure Code with AI Assistants? arXiv preprint arXiv:2211.03622","author":"Perry Neil","year":"2022","unstructured":"Neil Perry, Megha Srivastava, Deepak Kumar, and Dan Boneh. 2022. Do Users Write More Insecure Code with AI Assistants? arXiv preprint arXiv:2211.03622 (2022)."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00033"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2019.00087"},{"key":"e_1_3_2_1_60_1","volume-title":"CodeBLEU: a method for automatic evaluation of code synthesis. arXiv preprint arXiv:2009.10297","author":"Ren Shuo","year":"2020","unstructured":"Shuo Ren, Daya Guo, Shuai Lu, Long Zhou, Shujie Liu, Duyu Tang, Neel Sundaresan, Ming Zhou, Ambrosio Blanco, and Shuai Ma. 2020. CodeBLEU: a method for automatic evaluation of code synthesis. arXiv preprint arXiv:2009.10297 (2020)."},{"key":"e_1_3_2_1_61_1","volume-title":"Yossi Adi, Jingyu Liu, Tal Remez, J\u00e9r\u00e9my Rapin, et al.","author":"Roziere Baptiste","year":"2024","unstructured":"Baptiste Roziere, Jonas Gehring, Fabian Gloeckle, Sten Sootla, Itai Gat, Xiaoqing Ellen Tan, Yossi Adi, Jingyu Liu, Tal Remez, J\u00e9r\u00e9my Rapin, et al. 2024. Code Llama: Open Foundation Models for Code. arXiv:2308.12950 [cs.CL]"},{"key":"e_1_3_2_1_62_1","unstructured":"SonarSource S.A. 2022. SonarSource static code analysis. https:\/\/rules.sonarsource.com."},{"key":"e_1_3_2_1_63_1","volume-title":"Security Implications of Large Language Model Code Assistants: A User Study. arXiv preprint arXiv:2208.09727","author":"Sandoval Gustavo","year":"2022","unstructured":"Gustavo Sandoval, Hammond Pearce, Teo Nys, Ramesh Karri, Brendan Dolan-Gavitt, and Siddharth Garg. 2022. Security Implications of Large Language Model Code Assistants: A User Study. arXiv preprint arXiv:2208.09727 (2022)."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.26"},{"key":"e_1_3_2_1_65_1","volume-title":"Survey reveals AI's impact on the developer experience | The GitHub Blog. GitHub Blog (June","author":"Shani Inbal","year":"2023","unstructured":"Inbal Shani. 2023. Survey reveals AI's impact on the developer experience | The GitHub Blog. GitHub Blog (June 2023). https:\/\/github.blog\/2023-06-13-survey-reveals-ais-impact-on-the-developer-experience\/#methodology"},{"key":"e_1_3_2_1_66_1","volume-title":"A Lightweight Framework for High-Quality Code Generation. arXiv preprint arXiv:2307.08220","author":"Siddiq Mohammed Latif","year":"2023","unstructured":"Mohammed Latif Siddiq, Beatrice Casey, and Joanna Santos. 2023. A Lightweight Framework for High-Quality Code Generation. arXiv preprint arXiv:2307.08220 (2023)."},{"key":"e_1_3_2_1_67_1","volume-title":"An Empirical Study of Code Smells in Transformer-based Code Generation Techniques. In 2022 IEEE 22nd International Working Conference on Source Code Analysis and Manipulation (SCAM).","author":"Siddiq Mohammed Latif","unstructured":"Mohammed Latif Siddiq, Shafayat Hossain Majumder, Maisha Rahman Mim, Sourov Jajodia, and Joanna C.S. Santos. 2022. An Empirical Study of Code Smells in Transformer-based Code Generation Techniques. In 2022 IEEE 22nd International Working Conference on Source Code Analysis and Manipulation (SCAM)."},{"key":"e_1_3_2_1_68_1","volume-title":"Proceedings of the 21st International Conference on Mining Software Repositories, Mining Challenge Track (MSR","author":"Siddiq Mohammed Latif","year":"2024","unstructured":"Mohammed Latif Siddiq, Lindsay Roney, Jiahao Zhang, and Joanna C. S. Santos. 2024. Quality Assessment of ChatGPT Generated Code and their Use by Developers. In Proceedings of the 21st International Conference on Mining Software Repositories, Mining Challenge Track (MSR 2024)."},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/3549035.3561184"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/3661167.3661216"},{"key":"e_1_3_2_1_71_1","volume-title":"Proceedings of the 46th International Conference on Software Engineering, NIER Track (ICSE-NIER '24)","author":"Siddiq Mohammed Latif","unstructured":"Mohammed Latif Siddiq, Jiahao Zhang, Lindsay Roney, and Joanna C. S. Santos. 2024. Re(gEx|DoS)Eval: Evaluating Generated Regular Expressions and their Proneness to DoS Attacks. In Proceedings of the 46th International Conference on Software Engineering, NIER Track (ICSE-NIER '24)."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/3643916.3644424"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/3512290.3528700"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR52588.2021.00045"},{"key":"e_1_3_2_1_75_1","volume-title":"CWE-918: Server-Side Request Forgery (SSRF) (4.15). https:\/\/cwe.mitre.org\/data\/definitions\/918.html. [Online","author":"The MITRE Corporation","year":"2024","unstructured":"The MITRE Corporation. 2024. CWE-918: Server-Side Request Forgery (SSRF) (4.15). https:\/\/cwe.mitre.org\/data\/definitions\/918.html. [Online; accessed 10. Aug. 2024]."},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR59073.2023.00084"},{"key":"e_1_3_2_1_77_1","volume-title":"\u0141 ukasz Kaiser, and Illia Polosukhin","author":"Vaswani Ashish","year":"2017","unstructured":"Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N Gomez, \u0141 ukasz Kaiser, and Illia Polosukhin. 2017. Attention is All you Need. In Advances in Neural Information Processing Systems, I. Guyon, U. Von Luxburg, S. Bengio, H. Wallach, R. Fergus, S. Vishwanathan, and R. Garnett (Eds.), Vol. 30. Curran Associates, Inc."},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2021.emnlp-main.685"},{"key":"e_1_3_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.54"},{"key":"e_1_3_2_1_80_1","unstructured":"Aidan Z. H. Yang Haoye Tian He Ye Ruben Martins and Claire Le Goues. 2024. Security Vulnerability Detection with Multitask Self-Instructed Fine-Tuning of Large Language Models. arXiv:2406.05892 [cs.CR] https:\/\/arxiv.org\/abs\/2406.05892"},{"key":"e_1_3_2_1_81_1","volume-title":"CoderEval: A Benchmark of Pragmatic Code Generation with Generative Pre-trained Models. arXiv preprint arXiv:2302.00288","author":"Yu Hao","year":"2023","unstructured":"Hao Yu, Bo Shen, Dezhi Ran, Jiaxin Zhang, Qi Zhang, Yuchi Ma, Guangtai Liang, Ying Li, Tao Xie, and Qianxiang Wang. 2023. CoderEval: A Benchmark of Pragmatic Code Generation with Generative Pre-trained Models. arXiv preprint arXiv:2302.00288 (2023)."},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"crossref","unstructured":"Hao Yu Bo Shen Dezhi Ran Jiaxin Zhang Qi Zhang Yuchi Ma Guangtai Liang Ying Li Tao Xie and Qianxiang Wang. 2023. CoderEval: A Benchmark of Pragmatic Code Generation with Generative Pre-trained Models. arXiv:2302.00288 [cs.SE]","DOI":"10.1145\/3597503.3623316"},{"key":"e_1_3_2_1_83_1","volume-title":"Proceedings of the 61st Annual Meeting of the Association for Computational Linguistics.","author":"Zan Daoguang","year":"2023","unstructured":"Daoguang Zan, Bei Chen, Fengji Zhang, Dianjie Lu, Bingchao Wu, Bei Guan, Yongji Wang, and Jian-Guang Lou. 2023. When Neural Model Meets NL2Code: A Survey. In Proceedings of the 61st Annual Meeting of the Association for Computational Linguistics."},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"crossref","unstructured":"Qinkai Zheng Xiao Xia Xu Zou Yuxiao Dong Shan Wang Yufei Xue Zihan Wang Lei Shen Andi Wang Yang Li Teng Su Zhilin Yang and Jie Tang. 2023. CodeGeeX: A Pre-Trained Model for Code Generation with Multilingual Evaluations on HumanEval-X. arXiv:2303.17568 [cs.LG]","DOI":"10.1145\/3580305.3599790"},{"key":"e_1_3_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1145\/3520312.3534864"}],"event":{"name":"ASEW '24: 39th IEEE\/ACM International Conference on Automated Software Engineering Workshops","location":"Sacramento CA USA","acronym":"ASEW '24","sponsor":["SIGAI ACM Special Interest Group on Artificial Intelligence","SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS"]},"container-title":["Proceedings of the 39th IEEE\/ACM International Conference on Automated Software Engineering Workshops"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3691621.3694934","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:09:40Z","timestamp":1750295380000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3691621.3694934"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,27]]},"references-count":84,"alternative-id":["10.1145\/3691621.3694934","10.1145\/3691621"],"URL":"https:\/\/doi.org\/10.1145\/3691621.3694934","relation":{},"subject":[],"published":{"date-parts":[[2024,10,27]]},"assertion":[{"value":"2024-10-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}