Finding and fixing weaknesses and vulnerabilities in source code has been an ongoing challenge. There is a lot of excitement about the ability of large language models (LLMs, a form of generative AI) to produce and evaluate programs. One question related to this ability is: do these systems help in practice? We ran experiments with various LLMs to see whether they could correctly identify problems in source code, or correctly determine that there were none. This webcast will provide background on our methods and a summary of our results.
What Will Attendees Learn?
- how well LLMs can evaluate source code
- evolution of capability as new LLMs are released
- how to address potential gaps in capability
Who Should Attend?
- development managers
- product owners
- software executives
About the Speaker
Dr. Mark Sherman is the Technical Director of the Cybersecurity Foundations directorate in the CERT Division of the Carnegie Mellon University Software Engineering Institute (CMU SEI). Sherman leads a diverse team of researchers and engineers on projects that focus on foundational research on the lifecycle for building secure software, data-driven analysis of cybersecurity, cybersecurity of quantum computers, cybersecurity for and enabled by machine learning applications, and detecting fake media. Prior to his tenure at the SEI, Sherman worked on mobile systems, integrated hardware-software appliances, transaction processing, languages and compilers, virtualization, network protocols, and databases at IBM and various startups.