Recommending security fixes for weak open-source code with AI


Technical debt is a metaphor for not-quite-right code introduced to meet short-term needs. The longer it remains in the software, the more effort it takes to refactor. When developers are aware of the debt and admit it in source code comments, it is called Self-Admitted Technical Debt (SATD). Thus, SATD indicates weak code that developers are aware of. The question is whether they are aware that this code may be vulnerable to attacks. This presentation will illustrate how artificial intelligence can be employed to recommend security fixes for vulnerabilities to developers.