The impact of Copilot on quality and security in open-source software
This study analyzes the impact of AI-assisted code development, using GitHub Copilot as a case study, on both the quality and security of open-source software. Given the widespread adoption of OSS in everyday business processes, it is crucial to understand how new AI tools influence these ecosystems.
Research question and methodology
The central research question is: "How does Artificial Intelligence code development influence the quality and security of open-source software?"
This question is particularly relevant given the large-scale use of OSS in a wide range of sectors. The research uses a quantitative methodology and analyzes metrics such as maintainability issues, reliability issues, technical debt, security issues, and security hotspots, taking into account the influence of lines of code (LOC).
Research design and techniques
The study uses regression analysis and SonarQube scans to measure changes in quality and security over a two-year period: one year before and one year after the introduction of Copilot. The GitHub repositories studied are divided into two groups: a treatment group and a control group. The treatment group consists of repositories written in languages such as Python and JavaScript, while the control group consists of repositories written in languages such as C, C#, and R.
Results: productivity gains versus quality and security considerations
The findings show a two-sided effect of AI code development. On the one hand, Copilot significantly increases productivity, as evidenced by a 25% increase in LOC. On the other hand, this productivity gain is accompanied by an increase in maintainability issues, reliability issues, and technical debt. When controlling for LOC, Copilot's direct impact on these quality metrics decreases. This suggests that a large part of the observed effects is caused by the growth of the codebase itself.
Security insights and implications
In the area of security, the results show a nuanced picture. Security hotspots increased significantly, while no clear direct relationship with actual security issues was found. Specifically, security hotspots increased by 17.6%, which falls to 3.9% once LOC is controlled for. These findings underscore that AI code development cannot be viewed separately from the expertise and choices of developers. Although no direct significant effect of Copilot on quality and security has been established, the research does show that developers' use of AI tools has a clear influence on these metrics.
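As an added illustration of the regression design described above (constructed example, not the study's own data or code), the following Python builds a small treatment/control, before/after panel of repositories and shows how a difference-in-differences estimate of the hotspot effect shrinks once log(LOC) is added as a control. The repository LOC figures, the "one hotspot per 20 LOC" generating rule and the 4% residual uplift are assumptions chosen to mimic the pattern the study reports.

```python
import math

# Constructed panel (not the study's data): four treated repos (Copilot adopted) and
# four controls, each observed before and after the adoption date. Treated LOC +25%, control +5%.
REPOS = [  # (treated, loc_pre, loc_post)
    (1, 4000, 5000), (1, 6000, 7500), (1, 8000, 10000), (1, 10000, 12500),
    (0, 5000, 5250), (0, 7000, 7350), (0, 9000, 9450), (0, 11000, 11550),
]
TRUE_UPLIFT = 0.04  # assumed log-scale hotspot uplift not explained by LOC growth

def hotspots(loc, treated, post):
    """Constructed hotspot count: about one per 20 LOC, plus the assumed uplift."""
    return round(loc / 20 * math.exp(TRUE_UPLIFT * treated * post))

def panel():
    """Rows of (treated, post, loc, hotspots), two per repository."""
    return [(t, post, loc, hotspots(loc, t, post))
            for t, loc_pre, loc_post in REPOS
            for post, loc in ((0, loc_pre), (1, loc_post))]

def ols(X, y):
    """Ordinary least squares via the normal equations and Gaussian elimination."""
    k = len(X[0])
    A = [[sum(r[i] * r[j] for r in X) for j in range(k)]
         + [sum(r[i] * yi for r, yi in zip(X, y))] for i in range(k)]
    for c in range(k):  # forward elimination with partial pivoting
        p = max(range(c, k), key=lambda r: abs(A[r][c]))
        A[c], A[p] = A[p], A[c]
        for r in range(c + 1, k):
            f = A[r][c] / A[c][c]
            A[r] = [a - f * b for a, b in zip(A[r], A[c])]
    beta = [0.0] * k
    for c in reversed(range(k)):  # back substitution
        beta[c] = (A[c][k] - sum(A[c][j] * beta[j] for j in range(c + 1, k))) / A[c][c]
    return beta

def did_estimates():
    """Return (raw DiD, LOC-adjusted DiD, LOC elasticity) for log(hotspots)."""
    rows = panel()
    y = [math.log(h) for _, _, _, h in rows]
    raw = [[1, t, p, t * p] for t, p, _, _ in rows]          # treated x post only
    adjusted = [[1, t, p, t * p, math.log(loc)] for t, p, loc, _ in rows]  # + log(LOC)
    b_raw, b_adj = ols(raw, y), ols(adjusted, y)
    return b_raw[3], b_adj[3], b_adj[4]

if __name__ == "__main__":
    raw, adj, elasticity = did_estimates()
    print(f"hotspot uplift: raw {math.expm1(raw):.1%}, LOC-adjusted {math.expm1(adj):.1%}; "
          f"hotspots scale as LOC^{elasticity:.2f}")
```

The raw interaction term absorbs the faster LOC growth of the treated group; with log(LOC) in the model it drops to roughly the assumed 4%, which is the mechanism behind the study's 17.6% versus 3.9% figures.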