Back to overview

Download research

* required

By downloading you indicate that you have taken note of our privacy Statement.

The Impact of Copilot on Quality and Security in Open-Source Software

This research explores the impact of artificial intelligence code development, specifically focusing on GitHub Copilot, on the quality and security of open-source software (OSS). With OSS becoming a crucial part of software ecosystems and the rise of data breaches and hacks, this study investigates the influence of AI code development on the quality and security of OSS.

The research question addressed is ”How does Artificial Intelligence code development impact the quality and security of open source software?” This topic is particularly important due to the large adoption of OSS in day to day operations. The study employs a quantitative research methodology, the research explores metrics including maintainability issues, reliability issues, technical debt, security issues, and security hotspots, while accounting for the influence of lines of code (LOC).

The study employs regression analysis and Sonarqube scans to determine the quality and security fluctuation over a period of 2 years. One year before the release and one year after. GitHub repositories used in the study are split in two groups, one group the treatment group and the other the control group. The treatment group entails programming languages such as Python and JavaScript and the control group contains C, C#, and R. The findings reveal a dual-edged nature of AI code development. Firstly, Copilot significantly enhances productivity, as evidenced by a 25% increase in LOC. In contrast, this increase in productivity is followed by rises in maintainability issues, reliability issues, and technical debt. When controlling for LOC, the direct impact of Copilot on these quality metrics decreases, suggesting that much of the observed effects are mediated by the increase in code base. Security metrics reveal mixed results, with a significant increase in security hotspots but no clear association with security issues, revealing the nuanced role of AI in software development. This is indicated by a 17.6% increase in security hotspots, which reduces to a small 3.9% increase after controlling for LOC. These results show a shift in how AI code development should be approached, highlighting the interplay between AI code development and developer expertise. The results did not find a direct significant impact of Copilot on quality and security but did demonstrate the influence of developer usage of AI code development on these metrics.

Stay up to date
By signing up for our newsletter you indicate that you have taken note of our privacy statement.
Nick Methorst

Let's talk!

info@sue.nl +31 345 656 666

* required

By sending this form you indicate that you have taken note of our privacy Statement.

Related resources

Evaluation of current TCP Prague implementation

*Collaboration with the University of Amsterdam* | We have evaluated the different implementations of TCP Prague to ensure fairness of internet usage, addressing the coexistence problem between scalable and non-scalable TCP traffic and between scalable CC implementations, ensuring equal access to the internet for everyone.

Published

10.07.2021

Utilizing eBPF for Malware Analysis

*Collaboration the with University of Amsterdam* | Cybercrime poses a huge financial problem for organizations worldwide. In 2021, the financial damages caused by cybercrime were estimated to approach up to 6 trillion dollars.

Published

28.02.2024

Collaborative Edge-Cloud Computing for Efficient Resource Utilisation

*Collaboration with the University of Amsterdam* | Nowadays, the computing requirements for running different applications keep increasing. When setting up a system to run these apps, there are multiple possibilities to take into account.

Published

09.01.2025

Privacy Overview
This website uses cookies. We use cookies to ensure the proper functioning of our website and services, to analyze how visitors interact with us, and to improve our products and marketing strategies. For more information, please consult our privacy- en cookiebeleid.