LLMs Detect Logging Code Security Issues: Taxonomy and Benchmark
A new study from arXiv introduces a comprehensive taxonomy of logging code security issues, identifying four categories and ten patterns. Researchers built a benchmark dataset of 101 real-world, manually annotated security issue reports. They propose an automated framework using LLMs to detect and repair insecure logging practices, which can expose sensitive data or enable log injection attacks. The work addresses a gap in systematic analysis of logging security, leveraging contextual knowledge for improved detection.
Key facts
- Taxonomy covers four categories and ten patterns of logging security issues.
- Benchmark dataset includes 101 real-world, manually reviewed reports.
- Automated framework uses LLMs with contextual knowledge for detection and repair.
- Insecure logging can expose sensitive information or enable log injection.
- Study published on arXiv with ID 2604.20211.
- Prior research focused on general defects, not security-specific issues.
- Framework aims to evaluate LLM capabilities in logging security.
- Research addresses limited systematic analysis of logging code security.
Entities
Institutions
- arXiv