{"id":72450,"date":"2023-09-27T16:50:43","date_gmt":"2023-09-27T08:50:43","guid":{"rendered":"https:\/\/version-2.com\/?p=72450"},"modified":"2023-09-18T16:54:08","modified_gmt":"2023-09-18T08:54:08","slug":"chatgpt-and-secure-coding-the-good-the-bad-and-the-dangerous","status":"publish","type":"post","link":"https:\/\/version-2.com\/en\/2023\/09\/chatgpt-and-secure-coding-the-good-the-bad-and-the-dangerous\/","title":{"rendered":"ChatGPT and secure coding: The good, the bad, and the dangerous"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"72450\" class=\"elementor elementor-72450\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-35fe5dd post-content elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"35fe5dd\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;cef08c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-409a2e9a\" data-id=\"409a2e9a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-f466523 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f466523\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[],&quot;animation&quot;:&quot;none&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-a2bda0a\" data-id=\"a2bda0a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5a8be8f elementor-widget elementor-widget-text-editor\" data-id=\"5a8be8f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"text-base leading-normal text-left text-h3 text-black\">In the digital landscape, ChatGPT&#8217;s influence is hard to ignore. With a monthly user base exceeding 100 million, people rely on OpenAI\u2019s chatbot for tasks ranging from casual chats to educational resources, content generation, and even coding support.<\/p><p>At Nord Security, we&#8217;re particularly intrigued by its coding capabilities. Can ChatGPT really produce secure code that withstands today&#8217;s advanced cyber threats? To find out, our security expert, Astrid Bytes (name changed for security reasons), put it to the test. Dive into this blog to discover her experiment and key findings.<\/p><p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/res.cloudinary.com\/nordsec\/f_auto,c_limit,w_1200,q_auto\/v1\/nord-security-web\/blog\/categories\/cybersecurity\/2023\/09\/Featured-image-ChatGPT-and-secure-coding.png\" width=\"1200\" height=\"675\" \/><\/p><div class=\"Article_wrapper__YyQ2_\"><h2 id=\"Research\" class=\"text-h2 leading-none text-left\"><b>Research\u00a0<\/b><\/h2><p class=\"text-base leading-normal\"><a class=\"cursor-pointer outline-none transition-colors duration-250 ease-out text-blue-500 hover:text-blue-600 focus:text-blue-400\" href=\"https:\/\/github.blog\/2023-06-13-survey-reveals-ais-impact-on-the-developer-experience\/\" target=\"_blank\" rel=\"noopener noreferrer\">92% of US developers state that they use AI tools<\/a> like ChatGPT to boost productivity across a variety of programming tasks. One of them might be a login in form, which, at first glance, can look like a simple task. But &#8220;simple&#8221; can be deceptive. The safe handling of user credentials is critical. One mistake here could result in GDPR violations and hefty fines.<\/p><p class=\"text-base leading-normal\">With this in mind, Astrid initiated a code-writing simulation using ChatGPT-3.5. She tasked the AI to generate database check-in code in PHP. What she didn&#8217;t do, however, was specifically ask the AI chatbot to create secure code or include certain security features.<\/p><blockquote class=\"pl-32 border-gray-300 border-l text-gray-600 my-64\"><p class=\"text-base leading-normal\">You have a login form with a username and password. Please write a code snippet in PHP to check in the database whether the credentials match.<\/p><\/blockquote><div class=\"my-64 text-center\"><p><span style=\"box-sizing: border-box; display: inline-block; overflow: hidden; width: initial; height: initial; background: none; opacity: 1; border: 0px; margin: 0px; padding: 0px; position: relative; max-width: 100%;\"><span style=\"box-sizing: border-box; display: block; width: initial; height: initial; background: none; opacity: 1; border: 0px; margin: 0px; padding: 0px; max-width: 100%;\"><img style=\"display: block; max-width: 100%; width: initial; height: initial; background: none; opacity: 1; border: 0px; margin: 0px; padding: 0px;\" alt=\"\" aria-hidden=\"true\" \/><\/span><img decoding=\"async\" style=\"position: absolute; inset: 0px; box-sizing: border-box; padding: 0px; border: none; margin: auto; display: block; width: 0px; height: 0px; min-width: 100%; max-width: 100%; min-height: 100%; max-height: 100%; object-fit: contain;\" src=\"https:\/\/res.cloudinary.com\/nordsec\/f_auto,c_limit,w_3840,q_auto\/v1\/nord-security-web\/blog\/categories\/cybersecurity\/2023\/09\/ChatGPT-inblog-1.png\" srcset=\"https:\/\/res.cloudinary.com\/nordsec\/f_auto,c_limit,w_1200,q_auto\/v1\/nord-security-web\/blog\/categories\/cybersecurity\/2023\/09\/ChatGPT-inblog-1.png 1x, https:\/\/res.cloudinary.com\/nordsec\/f_auto,c_limit,w_3840,q_auto\/v1\/nord-security-web\/blog\/categories\/cybersecurity\/2023\/09\/ChatGPT-inblog-1.png 2x\" alt=\"PHP code snipet with enlarged code vulnerabilities\" data-nimg=\"intrinsic\" \/><noscript><\/noscript><\/span><\/p><p class=\"text-nano leading-normal text-left text-center text-gray-600 my-8\">\u00a0<\/p><\/div><p class=\"text-base leading-normal\"><b>The code generated showcased clear vulnerabilities:<\/b><\/p><ul class=\"list-disc ml-24\"><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">It&#8217;s prone to SQL injection attacks;<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">It allows username enumeration;<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">It hardcodes credentials directly in the code.<\/p><\/div><\/li><\/ul><p class=\"text-base leading-normal\">Firstly, the susceptibility to SQL injection attacks is caused by the <i>$username<\/i> variable being directly plugged into the SQL query string, lacking a properly prepared statement with parameter binding. It might be assumed that the <i>sanitize_input <\/i>function could thwart SQL injections. However, the PHP functions \u2013 <i>trim, stripslashes,<\/i> and <i>htmlspecialchars<\/i> \u2013 aren&#8217;t tailored to prevent such injections and can even be detrimental when used for this purpose.<\/p><p class=\"text-base leading-normal\">A security expert asked ChatGPT to improve the code so that it is not vulnerable to SQL injection attacks.<\/p><div class=\"border-gray-300 border mb-32\"><div class=\"bg-gray-200 p-24 border-b border-gray-300\"><div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">1<\/span><\/p><div class=\"table-cell\"><span class=\"text-black\"> \/\/ Prepare the SQL statement using a parameterized query<\/span><\/div><\/div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">2<\/span><\/p><div class=\"table-cell\"><span class=\"text-black\"> $stmt = $conn-&gt;prepare(&#8220;SELECT * FROM users WHERE username = ? LIMIT 1&#8221;);<\/span><\/div><\/div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">3<\/span><\/p><div class=\"table-cell\"><span class=\"text-black\"> $stmt-&gt;bind_param(&#8220;s&#8221;, $username);<\/span><\/div><\/div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">4<\/span><\/p><div class=\"table-cell\">\u00a0<\/div><\/div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">5<\/span><\/p><div class=\"table-cell\"><span class=\"text-black\"> \/\/ Execute the prepared statement<\/span><\/div><\/div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">6<\/span><\/p><div class=\"table-cell\"><span class=\"text-black\"> $stmt-&gt;execute();<\/span><\/div><\/div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">7<\/span><\/p><div class=\"table-cell\">\u00a0<\/div><\/div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">8<\/span><\/p><div class=\"table-cell\"><span class=\"text-black\"> \/\/ Get the result from the executed statement<\/span><\/div><\/div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">9<\/span><\/p><div class=\"table-cell\"><span class=\"text-black\"> $result = $stmt-&gt;get_result();<\/span><\/div><\/div><pre class=\"text-small overflow-auto\">\u00a0<\/pre><\/div><\/div><p><button class=\"m-24 focus:outline-none focus-visible:underline\" type=\"button\"><span class=\"text-micro leading-normal text-left flex flex-nowrap items-center font-bold duration-250 text-blue-500 hover:text-blue-600 cursor-pointer\"><span class=\"mr-8\">Copy snippet<\/span><\/span><\/button><\/p><\/div><p class=\"text-base leading-normal\">The second flaw was user enumeration. The AI code suggested displaying &#8220;Invalid password!&#8221; for failed logins, a security misstep. Such messages give attackers hints, easing their job of guessing valid usernames. A better practice is to keep things vague with messages like &#8220;Invalid username or password&#8221;, keeping attackers in the dark about which part failed. Astrid subsequently called for the removal of user enumeration in the code.<\/p><div class=\"border-gray-300 border mb-32\"><div class=\"bg-gray-200 p-24 border-b border-gray-300\"><div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">1<\/span><\/p><div class=\"table-cell\"><span class=\"text-black\">\/\/ Password doesn&#8217;t match<\/span><\/div><\/div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">2<\/span><\/p><div class=\"table-cell\"><span class=\"text-black\"> echo &#8220;Invalid username or password!&#8221;;<\/span><\/div><\/div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">3<\/span><\/p><div class=\"table-cell\"><span class=\"text-black\"> }<\/span><\/div><\/div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">4<\/span><\/p><div class=\"table-cell\"><span class=\"text-black\"> } else {<\/span><\/div><\/div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">5<\/span><\/p><div class=\"table-cell\"><span class=\"text-black\"> \/\/ Delay the response for a short random period (to prevent timing attacks)<\/span><\/div><\/div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">6<\/span><\/p><div class=\"table-cell\"><span class=\"text-black\"> usleep(rand(100000, 500000)); \/\/ Random delay between 0.1s and 0.5s<\/span><\/div><\/div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">7<\/span><\/p><div class=\"table-cell\"><span class=\"text-black\"> \/\/ Generic error message to prevent username enumeration<\/span><\/div><\/div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">8<\/span><\/p><div class=\"table-cell\"><span class=\"text-black\"> echo &#8220;Invalid username or password!&#8221;;<\/span><\/div><\/div><div class=\"table-row text-black\"><p><span class=\"pr-32 text-gray-600 table-cell text-right select-none\">9<\/span><\/p><div class=\"table-cell\"><span class=\"text-black\"> }<\/span><\/div><\/div><pre class=\"text-small overflow-auto\">\u00a0<\/pre><\/div><\/div><p><button class=\"m-24 focus:outline-none focus-visible:underline\" type=\"button\"><span class=\"text-micro leading-normal text-left flex flex-nowrap items-center font-bold duration-250 text-blue-500 hover:text-blue-600 cursor-pointer\"><span class=\"mr-8\">Copy snippet<\/span><\/span><\/button><\/p><\/div><p class=\"text-base leading-normal\">The last red flag \u2013 hardcoded credentials. Attackers who access the source code could exploit these to compromise the system or steal sensitive information. To fix this issue, the AI chatbot suggests using environment variables or configuration files to store database credentials.<\/p><p class=\"text-base leading-normal\">The experiment didn&#8217;t end there. Astrid Bytes delved deeper, giving the same task to ChatGPT in other widely used programming languages:<\/p><blockquote class=\"pl-32 border-gray-300 border-l text-gray-600 my-64\"><p class=\"text-base leading-normal\">&#8220;I was experimenting with 5 different programming languages, including PHP, Java, Rust, JSON, and C, but didn\u2019t notice any significant differences when it came to more secure code,&#8221; she reported.<\/p><\/blockquote><div class=\"my-64 text-center\"><p><span style=\"box-sizing: border-box; display: inline-block; overflow: hidden; width: initial; height: initial; background: none; opacity: 1; border: 0px; margin: 0px; padding: 0px; position: relative; max-width: 100%;\"><span style=\"box-sizing: border-box; display: block; width: initial; height: initial; background: none; opacity: 1; border: 0px; margin: 0px; padding: 0px; max-width: 100%;\"><img style=\"display: block; max-width: 100%; width: initial; height: initial; background: none; opacity: 1; border: 0px; margin: 0px; padding: 0px;\" alt=\"\" aria-hidden=\"true\" \/><\/span><img decoding=\"async\" style=\"position: absolute; inset: 0px; box-sizing: border-box; padding: 0px; border: none; margin: auto; display: block; width: 0px; height: 0px; min-width: 100%; max-width: 100%; min-height: 100%; max-height: 100%; object-fit: contain;\" src=\"https:\/\/res.cloudinary.com\/nordsec\/f_auto,c_limit,w_3840,q_auto\/v1\/nord-security-web\/blog\/categories\/cybersecurity\/2023\/09\/ChatGPT-inblog-2.png\" srcset=\"https:\/\/res.cloudinary.com\/nordsec\/f_auto,c_limit,w_1200,q_auto\/v1\/nord-security-web\/blog\/categories\/cybersecurity\/2023\/09\/ChatGPT-inblog-2.png 1x, https:\/\/res.cloudinary.com\/nordsec\/f_auto,c_limit,w_3840,q_auto\/v1\/nord-security-web\/blog\/categories\/cybersecurity\/2023\/09\/ChatGPT-inblog-2.png 2x\" alt=\"Java code snipet with enlarged code vulnerabilities\" data-nimg=\"intrinsic\" \/><noscript><\/noscript><\/span><\/p><p class=\"text-nano leading-normal text-left text-center text-gray-600 my-8\">\u00a0<\/p><\/div><p class=\"text-base leading-normal\">The Java test mirrored PHP results, revealing code vulnerabilities. Moreover, each time a flaw was patched, a new one emerged.<\/p><p class=\"text-base leading-normal\">The Java check-in code and its subsequent iterations suffered from various issues:<\/p><ul class=\"list-disc ml-24\"><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">Vulnerability to SQL injections;<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">Hardcoded credentials in connection strings;<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">Storing passwords as plain text or hashing with the SHA-256 algorithm;<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">Weak exception handling;<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">Exposure to cross-site scripting (XSS) attacks;<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">Unsolicited code that included information not tailored to specific requests or needs.<\/p><\/div><\/li><\/ul><p class=\"text-base leading-normal\">Astrid also evaluated ChatGPT-4\u2019s secure coding capabilities. She found it slightly more robust than its 3.5 predecessor. However, an expert\u2019s oversight was still needed to correct flaws in the code.<\/p><p class=\"text-base leading-normal\">Interestingly, ChatGPT displayed enhanced proficiency when \u201cwriting a code in development frameworks compared to vanilla versions of programming languages.\u201d This observation aligns with the fact that certain development frameworks provide integrated solutions to tackle specific security vulnerabilities. Nonetheless, it&#8217;s crucial to understand that these frameworks, while helpful, are not foolproof \u2013 developers can still produce insecure code within them.<\/p><h2 id=\"Key takeaways\" class=\"text-h2 leading-none text-left\"><b>Key takeaways<\/b><\/h2><p class=\"text-base leading-normal\">This test revealed that, while ChatGPT does a great job in engaging in human-like conversation, it doesn\u2019t perform so well in producing secure code. Astrid Bytes classified her findings into the good, the bad, and the dangerous.<\/p><p class=\"text-base leading-normal\"><b>The good<\/b><\/p><ul class=\"list-disc ml-24\"><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">ChatGPT serves as an excellent coding assistant, boosting productivity and helping with quick algorithm implementations. A study from the National Bureau of Economic Research attests that <a class=\"cursor-pointer outline-none transition-colors duration-250 ease-out text-blue-500 hover:text-blue-600 focus:text-blue-400\" href=\"https:\/\/www.nber.org\/papers\/w31161\" target=\"_blank\" rel=\"noopener noreferrer\">generative AIs like ChatGPT can enhance workforce productivity by roughly 14%.<\/a><\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">It can generate code in a multitude of programming languages.<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">ChatGPT-4 generally outperforms ChatGPT-3.5, though expert review remains essential for spotting vulnerabilities.<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">Considering secure coding, the chatbot performs better within modern development frameworks than in standard programming languages.<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">ChatGPT can recognize code issues, detailing their exploitability and suggesting remediation steps. However, this feature is effective only if the user actively seeks such insights.<\/p><\/div><\/li><\/ul><p class=\"text-base leading-normal\"><b>The bad<\/b><\/p><ul class=\"list-disc ml-24\"><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">ChatGPT has a limited response size and cuts corners when focusing only on functional requirements, skipping security considerations. So, you won\u2019t always get the right code on the first try.<\/p><\/div><\/li><\/ul><p class=\"text-base leading-normal\"><b>The dangerous<\/b><\/p><ul class=\"list-disc ml-24\"><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">Code output falls below minimum security standards. Astrid Bytes noted that this issue stems from ChatGPT\u2019s training data: \u201cIt&#8217;s trained on old data (until September 2021) and isn&#8217;t updated on new vulnerabilities and attack types. Plus, ChatGPT has been trained on large amounts of data and coding examples found on the web. The truth is that not all of them are written securely. There is a lot of bad code on the web.\u201d<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">Inadequate code security is language-agnostic. As Astrid asserts, &#8220;I was experimenting with 5 different programming languages, but did not notice any significant differences when it came to more secure code.&#8221;<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">Secure code only if asked. According to our security expert, \u201cIt&#8217;s focussed on generating code based on functional requirements (your request to write code that solves a particular task) while security and other non-functional requirements are not always taken into consideration \u2013 unless you specifically ask for it.\u201d<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">Requests to fix code vulnerability might lead to a code mutation. As she observed, \u201cWhile fixing one place, it made changes in another part of the code which was previously secure or even rewritten the code by using a different framework compared to what was originally requested.\u201d<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">Some of ChatGPT\u2019s answers provided were incorrect. Astrid Bytes noticed that ChatGPT sometimes returned code snippets that included extraneous or incorrect information. This inconsistency underscores a recent Purdue University study, which revealed that <a class=\"cursor-pointer outline-none transition-colors duration-250 ease-out text-blue-500 hover:text-blue-600 focus:text-blue-400\" href=\"https:\/\/www.zdnet.com\/article\/chatgpt-answers-more-than-half-of-software-engineering-questions-incorrectly\/\" target=\"_blank\" rel=\"noopener noreferrer\">ChatGPT answered only 48% of software engineering questions accurately.<\/a><\/p><\/div><\/li><\/ul><div class=\"my-64 text-center\"><p><span style=\"box-sizing: border-box; display: inline-block; overflow: hidden; width: initial; height: initial; background: none; opacity: 1; border: 0px; margin: 0px; padding: 0px; position: relative; max-width: 100%;\"><span style=\"box-sizing: border-box; display: block; width: initial; height: initial; background: none; opacity: 1; border: 0px; margin: 0px; padding: 0px; max-width: 100%;\"><img style=\"display: block; max-width: 100%; width: initial; height: initial; background: none; opacity: 1; border: 0px; margin: 0px; padding: 0px;\" alt=\"\" aria-hidden=\"true\" \/><\/span><img decoding=\"async\" style=\"position: absolute; inset: 0px; box-sizing: border-box; padding: 0px; border: none; margin: auto; display: block; width: 0px; height: 0px; min-width: 100%; max-width: 100%; min-height: 100%; max-height: 100%; object-fit: contain;\" src=\"https:\/\/res.cloudinary.com\/nordsec\/f_auto,c_limit,w_3840,q_auto\/v1\/nord-security-web\/blog\/categories\/cybersecurity\/2023\/09\/ChatGPT-inblog-3.png\" srcset=\"https:\/\/res.cloudinary.com\/nordsec\/f_auto,c_limit,w_1200,q_auto\/v1\/nord-security-web\/blog\/categories\/cybersecurity\/2023\/09\/ChatGPT-inblog-3.png 1x, https:\/\/res.cloudinary.com\/nordsec\/f_auto,c_limit,w_3840,q_auto\/v1\/nord-security-web\/blog\/categories\/cybersecurity\/2023\/09\/ChatGPT-inblog-3.png 2x\" alt=\"Conversation on ChatGPT\" data-nimg=\"intrinsic\" \/><noscript><\/noscript><\/span><\/p><p class=\"text-nano leading-normal text-left text-center text-gray-600 my-8\">\u00a0<\/p><\/div><h2 id=\"Can ChatGPT be used for coding?\" class=\"text-h2 leading-none text-left\"><b>Can ChatGPT be used for coding?<\/b><\/h2><p class=\"text-base leading-normal\">Astrid highlights that ChatGPT should be viewed only as a supporting tool for code writing. Whether you&#8217;re using an older or newer version, or even if you prompt it to adhere to secure coding standards, human touch and expert oversight remain indispensable.<\/p><p class=\"text-base leading-normal\">\u201cYou have to understand that ChatGPT isn\u2019t a security toll. It\u2019s trained on old data and unaware of the latest vulnerabilities and attack vectors. So, it might suggest vulnerable libraries or insecure configurations,\u201d Astrid notes.<\/p><p class=\"text-base leading-normal\">Further, the research underscores its significant error rate when addressing coding queries. Such inaccuracies, combined with cybersecurity concerns, have led <a class=\"cursor-pointer outline-none transition-colors duration-250 ease-out text-blue-500 hover:text-blue-600 focus:text-blue-400\" href=\"https:\/\/fortune.com\/2023\/05\/19\/chatgpt-banned-workplace-apple-goldman-risk-privacy\/\" target=\"_blank\" rel=\"noopener noreferrer\">global giants like Apple, Samsung,<\/a> and even <a class=\"cursor-pointer outline-none transition-colors duration-250 ease-out text-blue-500 hover:text-blue-600 focus:text-blue-400\" href=\"https:\/\/www.theverge.com\/2022\/12\/5\/23493932\/chatgpt-ai-generated-answers-temporarily-banned-stack-overflow-llms-dangers\" target=\"_blank\" rel=\"noopener noreferrer\">the coding Q&amp;A hub Stack Overflow to restrict its use.<\/a><\/p><p class=\"text-base leading-normal\"><b>So, if you decide to use an AI chatbot for coding: <\/b><\/p><ul class=\"list-disc ml-24\"><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">Get to know your AI assistant. Whether it\u2019s ChatGPT or any other tool, it\u2019s important to know its limitations.<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">Take security seriously. It might not be such a big deal for single-use scripts that you won\u2019t need tomorrow, but it makes a big difference for production code.<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">Only ask to generate the code in a programming language you\u2019re familiar with. The more knowledge you have on programming language and secure coding practices, the easier it is to spot vulnerabilities in generated code.<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">Use SAST tools to help you evaluate the findings. However, they can generate false positives as well as false negatives. Therefore, any AI-generated code should undergo a manual code review as well.<\/p><\/div><\/li><li class=\"ml-20\"><div><p class=\"text-base leading-normal\">And finally \u2013 <b>trust no one. Not even ChatGPT.<\/b><\/p><\/div><\/li><\/ul><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-2004c86 elementor-widget elementor-widget-shortcode\" data-id=\"2004c86\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"63561\" class=\"elementor elementor-63561\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1b6aa2c4 elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"1b6aa2c4\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1b283ee5\" data-id=\"1b283ee5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4e466f1a elementor-widget elementor-widget-text-editor\" data-id=\"4e466f1a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>About NordLayer<br \/><\/strong>NordLayer is an adaptive network access security solution for modern businesses \u2013 from the world\u2019s most trusted cybersecurity brand, Nord Security.<\/p><p>The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>In the digital landscape, ChatGPT&#8217;s influence is  [&hellip;]<\/p>","protected":false},"author":149011790,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1075,1130,973,61],"tags":[974,1076,1132],"class_list":["post-72450","post","type-post","status-publish","format-standard","hentry","category-year2023","category-nordlayer","category-nord-security","category-press-release","tag-nord-security","tag-1076","tag-nordlayer"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ChatGPT and secure coding: The good, the bad, and the dangerous - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nordsecurity.com\/blog\/chatgpt-and-secure-coding\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ChatGPT and secure coding: The good, the bad, and the dangerous - Version 2\" \/>\n<meta property=\"og:description\" content=\"In the digital landscape, ChatGPT&#8217;s influence is [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nordsecurity.com\/blog\/chatgpt-and-secure-coding\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-27T08:50:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/res.cloudinary.com\/nordsec\/f_auto,c_limit,w_1200,q_auto\/v1\/nord-security-web\/blog\/categories\/cybersecurity\/2023\/09\/Featured-image-ChatGPT-and-secure-coding.png\" \/>\n<meta name=\"author\" content=\"tracylamv2\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"tracylamv2\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/chatgpt-and-secure-coding#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/09\\\/chatgpt-and-secure-coding-the-good-the-bad-and-the-dangerous\\\/\"},\"author\":{\"name\":\"tracylamv2\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\"},\"headline\":\"ChatGPT and secure coding: The good, the bad, and the dangerous\",\"datePublished\":\"2023-09-27T08:50:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/09\\\/chatgpt-and-secure-coding-the-good-the-bad-and-the-dangerous\\\/\"},\"wordCount\":1441,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/chatgpt-and-secure-coding#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/res.cloudinary.com\\\/nordsec\\\/f_auto,c_limit,w_1200,q_auto\\\/v1\\\/nord-security-web\\\/blog\\\/categories\\\/cybersecurity\\\/2023\\\/09\\\/Featured-image-ChatGPT-and-secure-coding.png\",\"keywords\":[\"Nord Security\",\"2023\",\"NordLayer\"],\"articleSection\":[\"2023\",\"NordLayer\",\"Nord Security\",\"Press Release\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/chatgpt-and-secure-coding#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/09\\\/chatgpt-and-secure-coding-the-good-the-bad-and-the-dangerous\\\/\",\"url\":\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/chatgpt-and-secure-coding\",\"name\":\"ChatGPT and secure coding: The good, the bad, and the dangerous - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/chatgpt-and-secure-coding#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/chatgpt-and-secure-coding#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/res.cloudinary.com\\\/nordsec\\\/f_auto,c_limit,w_1200,q_auto\\\/v1\\\/nord-security-web\\\/blog\\\/categories\\\/cybersecurity\\\/2023\\\/09\\\/Featured-image-ChatGPT-and-secure-coding.png\",\"datePublished\":\"2023-09-27T08:50:43+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/chatgpt-and-secure-coding#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/chatgpt-and-secure-coding\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/chatgpt-and-secure-coding#primaryimage\",\"url\":\"https:\\\/\\\/res.cloudinary.com\\\/nordsec\\\/f_auto,c_limit,w_1200,q_auto\\\/v1\\\/nord-security-web\\\/blog\\\/categories\\\/cybersecurity\\\/2023\\\/09\\\/Featured-image-ChatGPT-and-secure-coding.png\",\"contentUrl\":\"https:\\\/\\\/res.cloudinary.com\\\/nordsec\\\/f_auto,c_limit,w_1200,q_auto\\\/v1\\\/nord-security-web\\\/blog\\\/categories\\\/cybersecurity\\\/2023\\\/09\\\/Featured-image-ChatGPT-and-secure-coding.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/chatgpt-and-secure-coding#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ChatGPT and secure coding: The good, the bad, and the dangerous\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\",\"name\":\"tracylamv2\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"caption\":\"tracylamv2\"},\"url\":\"https:\\\/\\\/version-2.com\\\/en\\\/author\\\/tracylamv2\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ChatGPT and secure coding: The good, the bad, and the dangerous - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nordsecurity.com\/blog\/chatgpt-and-secure-coding","og_locale":"en_US","og_type":"article","og_title":"ChatGPT and secure coding: The good, the bad, and the dangerous - Version 2","og_description":"In the digital landscape, ChatGPT&#8217;s influence is [&hellip;]","og_url":"https:\/\/nordsecurity.com\/blog\/chatgpt-and-secure-coding","og_site_name":"Version 2","article_published_time":"2023-09-27T08:50:43+00:00","og_image":[{"url":"https:\/\/res.cloudinary.com\/nordsec\/f_auto,c_limit,w_1200,q_auto\/v1\/nord-security-web\/blog\/categories\/cybersecurity\/2023\/09\/Featured-image-ChatGPT-and-secure-coding.png","type":"","width":"","height":""}],"author":"tracylamv2","twitter_card":"summary_large_image","twitter_misc":{"Written by":"tracylamv2","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nordsecurity.com\/blog\/chatgpt-and-secure-coding#article","isPartOf":{"@id":"https:\/\/version-2.com\/2023\/09\/chatgpt-and-secure-coding-the-good-the-bad-and-the-dangerous\/"},"author":{"name":"tracylamv2","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365"},"headline":"ChatGPT and secure coding: The good, the bad, and the dangerous","datePublished":"2023-09-27T08:50:43+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2023\/09\/chatgpt-and-secure-coding-the-good-the-bad-and-the-dangerous\/"},"wordCount":1441,"commentCount":0,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/nordsecurity.com\/blog\/chatgpt-and-secure-coding#primaryimage"},"thumbnailUrl":"https:\/\/res.cloudinary.com\/nordsec\/f_auto,c_limit,w_1200,q_auto\/v1\/nord-security-web\/blog\/categories\/cybersecurity\/2023\/09\/Featured-image-ChatGPT-and-secure-coding.png","keywords":["Nord Security","2023","NordLayer"],"articleSection":["2023","NordLayer","Nord Security","Press Release"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nordsecurity.com\/blog\/chatgpt-and-secure-coding#respond"]}]},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2023\/09\/chatgpt-and-secure-coding-the-good-the-bad-and-the-dangerous\/","url":"https:\/\/nordsecurity.com\/blog\/chatgpt-and-secure-coding","name":"ChatGPT and secure coding: The good, the bad, and the dangerous - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nordsecurity.com\/blog\/chatgpt-and-secure-coding#primaryimage"},"image":{"@id":"https:\/\/nordsecurity.com\/blog\/chatgpt-and-secure-coding#primaryimage"},"thumbnailUrl":"https:\/\/res.cloudinary.com\/nordsec\/f_auto,c_limit,w_1200,q_auto\/v1\/nord-security-web\/blog\/categories\/cybersecurity\/2023\/09\/Featured-image-ChatGPT-and-secure-coding.png","datePublished":"2023-09-27T08:50:43+00:00","breadcrumb":{"@id":"https:\/\/nordsecurity.com\/blog\/chatgpt-and-secure-coding#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nordsecurity.com\/blog\/chatgpt-and-secure-coding"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/nordsecurity.com\/blog\/chatgpt-and-secure-coding#primaryimage","url":"https:\/\/res.cloudinary.com\/nordsec\/f_auto,c_limit,w_1200,q_auto\/v1\/nord-security-web\/blog\/categories\/cybersecurity\/2023\/09\/Featured-image-ChatGPT-and-secure-coding.png","contentUrl":"https:\/\/res.cloudinary.com\/nordsec\/f_auto,c_limit,w_1200,q_auto\/v1\/nord-security-web\/blog\/categories\/cybersecurity\/2023\/09\/Featured-image-ChatGPT-and-secure-coding.png"},{"@type":"BreadcrumbList","@id":"https:\/\/nordsecurity.com\/blog\/chatgpt-and-secure-coding#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/zh\/"},{"@type":"ListItem","position":2,"name":"ChatGPT and secure coding: The good, the bad, and the dangerous"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365","name":"tracylamv2","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","caption":"tracylamv2"},"url":"https:\/\/version-2.com\/en\/author\/tracylamv2\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-iQy","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/72450","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/users\/149011790"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/comments?post=72450"}],"version-history":[{"count":7,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/72450\/revisions"}],"predecessor-version":[{"id":72457,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/72450\/revisions\/72457"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/media?parent=72450"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/categories?post=72450"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/tags?post=72450"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}