Conversational Code Analysis: The Future of Secure Coding
Fitzroy D. Nembhard, Marco M. Carvalho

TL;DR
This paper introduces MyCodeAnalyzer, a voice-activated virtual assistant framework that enables programmers to interactively scan and fix code vulnerabilities during development, enhancing secure coding practices.
Contribution
It presents a novel voice-based code analysis system integrated with Google Assistant, addressing limitations of existing tools and promoting secure coding through natural language interaction.
Findings
Prototype successfully detects vulnerabilities in sample code.
Voice interaction improves developer engagement with security tools.
System demonstrates potential for real-time secure coding assistance.
Abstract
The area of software development and secure coding can benefit significantly from advancements in virtual assistants. Research has shown that many coders neglect security in favor of meeting deadlines. This shortcoming leaves systems vulnerable to attackers. While a plethora of tools are available for programmers to scan their code for vulnerabilities, finding the right tool can be challenging. It is therefore imperative to adopt measures to get programmers to utilize code analysis tools that will help them produce more secure code. This chapter looks at the limitations of existing approaches to secure coding and proposes a methodology that allows programmers to scan and fix vulnerabilities in program code by communicating with virtual assistants on their smart devices. With the ubiquitous move towards virtual assistants, it is important to design systems that are more reliant on voice…
Taxonomy
Topics: Advanced Malware Detection Techniques · Software Engineering Research · Security and Verification in Computing
