While
new
technologies
emerge,
human
errors
always
looming.
Software
supply
chain
is
increasingly
complex
and
intertwined,
the
security
of
a
service
has
become
paramount
to
ensuring
integrity
products,
safeguarding
data
privacy,
maintaining
operational
continuity.
In
this
work,
we
conducted
experiments
on
promising
open
Large
Language
Models
(LLMs)
into
two
main
software
challenges:
source
code
language
deprecated
code,
with
focus
their
potential
replace
conventional
static
dynamic
scanners
that
rely
predefined
rules
patterns.
Our
findings
suggest
while
LLMs
present
some
unexpected
results,
they
also
encounter
significant
limitations,
particularly
in
memory
complexity
management
unfamiliar
Despite
these
challenges,
proactive
application
LLMs,
coupled
extensive
databases
continuous
updates,
holds
fortify
Supply
Chain
(SSC)
processes
against
emerging
threats.
Empirical Software Engineering,
Год журнала:
2025,
Номер
30(3)
Опубликована: Апрель 16, 2025
Abstract
The
widespread
adoption
of
conversational
LLMs
for
software
development
has
raised
new
security
concerns
regarding
the
safety
LLM-generated
content.
Our
motivational
study
outlines
ChatGPT’s
potential
in
volunteering
context-specific
information
to
developers,
promoting
safe
coding
practices.
Motivated
by
this
finding,
we
conduct
a
evaluate
degree
awareness
exhibited
three
prominent
LLMs:
Claude
3,
GPT-4,
and
Llama
3.
We
prompt
these
with
Stack
Overflow
questions
that
contain
vulnerable
code
whether
they
merely
provide
answers
or
if
also
warn
users
about
insecure
code,
thereby
demonstrating
awareness.
Further,
assess
LLM
responses
causes,
exploits,
fixes
vulnerability,
help
raise
users’
findings
show
all
models
struggle
accurately
detect
vulnerabilities,
achieving
detection
rate
only
12.6%
40%
across
our
datasets.
observe
tend
identify
certain
types
vulnerabilities
related
sensitive
exposure
improper
input
neutralization
much
more
frequently
than
other
types,
such
as
those
involving
external
control
file
names
paths.
Furthermore,
when
do
issue
warnings,
often
on
compared
responses.
Finally,
an
in-depth
discussion
implications
findings,
demonstrated
CLI-based
prompting
tool
can
be
used
produce
secure
Information,
Год журнала:
2025,
Номер
16(5), С. 368 - 368
Опубликована: Апрель 29, 2025
In
the
field
of
databases,
Large
Language
Models
(LLMs)
have
recently
been
studied
for
generating
SQL
queries
from
textual
descriptions,
while
their
use
conceptual
or
logical
data
modeling
remains
less
explored.
The
design
relational
databases
commonly
relies
on
entity-relationship
(ER)
model,
where
translation
rules
enable
mapping
an
ER
schema
into
corresponding
tables
with
constraints.
Our
study
investigates
capability
LLMs
to
describe
in
natural
language
a
database
model
based
schema.
Whether
documentation,
onboarding,
communication
non-technical
stakeholders,
can
significantly
improve
process
explaining
by
accurate
descriptions
about
how
components
interact
as
well
represented
information.
To
guide
LLM
challenging
constructs,
specific
hints
are
defined
provide
enriched
Different
explored
(ChatGPT
3.5
and
4,
Llama2,
Gemini,
Mistral
7B)
different
metrics
(F1
score,
ROUGE,
perplexity)
used
assess
quality
generated
compare
LLMs.
