ROBERTA DE LUCA

I am a Ph.D. student in Information Technologies and Electrical Engineering (ITEE) and a member of the Dependable and Secure Software Engineering and Real-Time Systems (DESSERT) group at the University of Naples Federico II. My research activity focuses on the trustworthiness of AI code generators.

Publications

DeVAIC: A tool for security assessment of AI-generated code

Domenico Cotroneo, Roberta De Luca, Pietro Liguori

Information and Software Technology (IST), 2025

With the rise of AI code generators transforming software development, ensuring the security of AI-generated code has become more crucial than ever. Traditional static analysis tools often fall short when evaluating incomplete code snippets produced by these AI models, leaving potential vulnerabilities undetected. To address this gap, we've developed DeVAIC, a lightweight and efficient tool designed to detect vulnerabilities in AI-generated Python code, even when the code isn't complete. We used DeVAIC to detect vulnerabilities in the code generated by well-known public AI-code generators. Our experiments show that DeVAIC outperforms state-of-the-art static analysis tools in identifying vulnerabilities while maintaining low computational times. The paper detailing this work has just been accepted for publication in the Information and Software Technology journal! Let's continue to make AI-generated code more secure and trustworthy!

Securing AI Code Generation Through Automated Pattern-Based Patching

Francesco Altiero, Domenico Cotroneo, Roberta De Luca, Pietro Liguori

8th Dependable and Secure Machine Learning (DSN-DSML 2025), 2025

As AI code generators rapidly transform software development, the risk of introducing subtle yet critical vulnerabilities grows. Existing patching techniques often struggle with high false-positive rates and with producing reliable, maintainable fixes — leaving developers without effective support.

PatchitPy addresses these challenges with a lightweight, pattern-matching approach specifically designed to detect and patch vulnerabilities in Python code. To thoroughly test the solution, we collected 609 Python snippets generated by three widely used AI code generators — GitHub Copilot, Claude-3.7-Sonnet, and DeepSeek-V3.

Experimental results show that PatchitPy significantly outperforms state-of-the-art techniques in both detection and repair. It achieves an F1 score of 93% and an accuracy of 89% in vulnerability detection, while delivering high-quality patches with an 80% successful repair rate. Importantly, PatchitPy preserves code quality, introducing minimal additional complexity and ensuring long-term maintainability.

A promising step toward making AI-generated code safer, more reliable, and ready for real-world development workflows.

Education

[Ongoing] Ph.D. in Information Technology and Electrical Engineering (ITEE)

University of Naples Federico II 2023 - present
Naples, Italy

Securing Automated Software Development: Trustworthiness of AI Code Generators.

Supervisor: Prof. Domenico Cotroneo

Invited Research Scholar

Universidade de Coimbra (UC) Feb. 2025 - Oct. 2025
Coimbra, Portugal

Under the supervision of Prof. Naghmeh Ramezani Ivaki in the Department of Informatics Engineering (DEI)

Master's in Computer Engineering

University of Naples Federico II 2021 - 2023
Naples, Italy

Specialized in cybersecurity.

Thesis title: "Software Vulnerability Analysis for AI-generated code."

110/110 cum laude

Courses included:

  • Network Security
  • Software Security
  • System Security
  • Statistical analysis, Performance, Reliability, and Safety in Processing Systems

Bachelor's in Computer Engineering

University of Naples Federico II 2018 - 2021
Naples, Italy

Focused on programming, algorithms, and the fundamentals of software engineering.

Thesis title: "Study of input validation vulnerabilities in web applications and related countermeasures."

110/110 cum laude

Courses included:

  • Software Engineering
  • Operating Systems
  • Database
  • Artificial Intelligence
  • Computer Networks

Thesis

MSc Theses

Thesis Co-Advisor, Software Security, "Beyond AI Generation: Securing C/C++ Code Produced by Self-Aware LLMs",
Emanuele Faggio, M63001369, 2024/25
Thesis Co-Advisor, Software Security, "Un Framework per il Testing del Codice Generato da AI tramite Prompt Engineering nella Cybersecurity",
Alessia Trapani, M63001278, 2024/25
Thesis Co-Advisor, Impianti di Elaborazione, "Trust, but Patch: A Visual Studio Code Extension for Securing AI-Generated Python using Regex",
Francesco Altiero, M63001609, 2024/25
Thesis Co-Advisor, Impianti di Elaborazione, "Built to Break: Fine-tuning Language Models for Vulnerability Injection in Python Code",
Giuseppe Mazzocca, M63001610, 2024/25
Thesis Co-Advisor, Software Security, "Automated Vulnerability Remediation with DeVAIC tool in VS Code",
Stefano Guarino, M63001447, 2023/24
Thesis Co-Advisor, Impianti di Elaborazione, "Can we trust AI code generators? Automated security analysis of AI-generated C Code",
Cristian Cataldo, M63001462, 2023/24
Thesis Co-Advisor, Software Security, "Prompt Engineering for Offensive Code Generation",
Gianfranco Coppola, M63001194, 2023/24
Thesis Co-Advisor, Impianti di Elaborazione, "Detection and Remediation of Software Vulnerabilities in AI-generated code",
Ferdinando Simone D’Agostino, M63001274, 2022/23

BSc Theses

Thesis Co-Advisor, Sistemi Operativi, "Software vulnerability detection and patching using LLMs",
Francesca Grasso, N46006439, 2023/24
Thesis Co-Advisor, Laboratorio di Programmazione, "Evaluating Software Vulnerabilities in Public AI Code Generators",
Francesco Balassone, N46005679, 2022/23
Thesis Co-Advisor, Laboratorio di Programmazione, "Valutazione della Sicurezza dei Dataset per l'addestramento dei modelli di Code Generation",
Eros Cribello, N46004376, 2022/23

Teaching Assistant

Impianti di Elaborazione

University of Naples Federico II 2024 - present
Naples, Italy

Computer Engineering MSc course on advanced topics in system performance and reliability.

Professor: Domenico Cotroneo

Committee Activities

Artifact Evaluation Committee Member for:

  • The 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2025), Naples, Italy, 2025

Program Committee Member for:

  • 3rd International Workshop on Reliable and Secure AI for Software Engineering (ReSAISE 2025), co-located with ISSRE 2025, São Paulo, Brazil, 2025
  • 2nd International Workshop on Reliable and Secure AI for Software Engineering (ReSAISE 2024), co-located with ISSRE 2024, Tsukuba, Japan, 2024

Reviewing activities for:

  • 36th IEEE International Symposium on Software Reliability Engineering (ISSRE 2025), São Paulo, Brazil, 2025
  • 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2025), Naples, Italy, 2025
  • 2nd International Workshop on Reliable and Secure AI for Software Engineering (ReSAISE 2024), co-located with ISSRE 2024, Tsukuba, Japan, 2024
  • 35th IEEE International Symposium on Software Reliability Engineering (ISSRE 2024), Tsukuba, Japan, 2024
  • 13th Latin-American Symposium on Dependable and Secure Computing (LADC 2024), Recife, Brazil, 2024
  • 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2024), Brisbane, Australia, 2024

Membership of Scientific Societies

IEEE Unina Student Branch

Head of Program Committee, 2019 - 2021

University of Naples Federico II, Naples, Italy