Research field: Strategies
Conference: ISCCN '25: Proceedings of the 2025 4th International Conference on Intelligent Systems, Communications and Computer Networks
This article provides a comprehensive review of code generation LLMs (Large Language Models), focusing on security issues and possible solutions for software development workflows. Recent literature suggests that more than 70% of developers use AI programming assistants in their day-to-day activities. AI-generated code contains a plethora of serious vulnerabilities, such as cross-site scripting (XSS), SQL injection, and unsafe credentials, which impact the overall security of software systems. Most research thus far has focused on fine-tuning larger models, on methods for optimal prompting, or on security evaluations of the outcomes of coding LLMs, rather than on exploring generative models within an overall security framework design. To contribute, we develop an overall security framework for code LLMs that includes prompt libraries, bibliography databases, vulnerability databases, and repositories of programming use cases for several stages of the software development life cycle, including requirement analysis, code development, code vetting changes, code iteration, and code submission. We developed an experimental system and we will use it to conduct comparative experiments with three code LLMs: Deepseek-coder-7B, Mistral-7B, and Code Llama-7B. The results of this research indicate that our proposed security framework reduces the number of CVEs reported. This research lays the groundwork for projects that lead to other research issues related to security considerations for software LLMs.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | China |
| Site | ACM |
| Likes | 0 |