Modern language models (LMs) have gained widespread acceptance in everyday and professional contexts, particularly in programming. An essential procedure enabling this adoption is instruction tuning, which substantially enhances LMs' practical utility by training them to follow user instructions and human preferences. However, existing instruction tuning schemes overlook a crucial aspect: the security of generated code. As a result, even the state-of-the-art instruction-tuned LMs frequently produce unsafe code, posing significant security risks. In this work, we introduce SafeCoder to address this gap. SafeCoder performs security-centric fine-tuning using a diverse and high-quality dataset that we collected using an automated pipeline. We integrate the security fine-tuning with standard instruction tuning, to facilitate a joint optimization of both security and utility. Despite its simplicity, we show that SafeCoder is effective across a variety of popular LMs and datasets. It is able to drastically improve security (by about 30%), while preserving utility.

翻译：现代语言模型（LM）已在日常和专业场景中得到广泛应用，尤其在编程领域。推动这一应用的关键流程是指令调优，该技术通过训练模型遵循用户指令和人类偏好，显著提升了语言模型的实际效用。然而，现有的指令调优方案忽视了一个关键维度：生成代码的安全性。因此，即使是当前最先进的指令调优语言模型也常生成不安全的代码，带来严重的安全风险。本研究提出SafeCoder以弥补这一不足。SafeCoder采用我们通过自动化流程收集的多样化高质量数据集，进行以安全为中心的微调。我们将安全微调与标准指令调优相结合，以实现安全性与实用性的联合优化。尽管方法简洁，我们证明SafeCoder在多种主流语言模型和数据集上均表现有效。该方法能够显著提升安全性（约30%），同时保持实用性。