Education DCL: EAGER: Advancing Secure Coding Education: Empowering Students to Safely Utilize AI-powered Coding Assistant Tools

The advent of Artificial Intelligence (AI) has transformed the landscape of the software engineering ecosystem. Particularly, AI-powered coding assistant tools (e.g., ChatGPT and GitHub Copilot) are believed to potentially revolutionize the software development landscape. The tools can enhance software developers' efficiency and productivity in software development by generating boilerplate code for developers.

Unfortunately, the tools can generate (or suggest) insecure code for developers because (1) the models that the tools rely on can inadvertently learn from insecure code snippets of untrusted, unverified open-source projects, or (2) the models are also vulnerable to poisoning attacks. The project's novelties are to develop new curricular modules and hands-on exercises for computer science students and the software development workforce to enhance their secure coding practices when using the tools.

The project's broader significance and importance are to equip students and the workforce with secure coding practices when using AI-powered coding assistant tools, thereby enabling them to develop secure programs in the future. Moreover, this project's activities will be used to attract undergraduate students from underrepresented groups to cybersecurity.

The main objective of this education project is to help students and the workforce have secure coding practices. First, this project develops new hands-on exercises where the students and the workforce can learn how suggested insecure code can impact their software and how the software can be vulnerable and exploited by adversaries. This engages them in active security-oriented learning to cultivate their secure coding practices when using AI-powered coding assistant tools.

The hands-on materials include a real-world programming environment where the learners are expected to have experience with poisoned models. Second, this project actively pursues the involvement of undergraduate/high school students in research, including underrepresented groups (specifically the Appalachia region). Third, the project team host workshops in the summer to assist participating faculty in learning how to use our hands-on lab materials developed through this project

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.