The one where Progress OpenEdge Meets Large Language Models

 

Starting Point

 

I had the opportunity to explore some parts of Progress OpenEdge that are not that well known or extensively explored. Does Progress OpenEdge provide a security infrastructure? Are there vulnerabilities that might slip by unnoticed? Is there a strategy for overcoming and preventing security issues when writing OpenEdge code? These are some of the questions I asked myself while developing my master’s degree project. While some of these questions remain open, others have been partially or fully answered through research and experimentation.

So what do Progress OpenEdge and security have in common? At first glance, the relationship is not obvious. However, after closer investigation, it becomes clear that OpenEdge and security share a subtle but important connection—one that is often overlooked by developers. Like any mature programming language and platform, Progress OpenEdge has its own set of vulnerabilities, many of which can be unintentionally ignored during day-to-day development.

This work explores how modern AI techniques—specifically Large Language Models (LLMs)—can assist developers in identifying and mitigating potential security issues in OpenEdge code.

 

The Journey

 

Security in OpenEdge often depends on how consistently developers apply best practices in ABL code. I identified some possible bad practices and included them in my experimentation:

  • Dynamic queries constructed from unvalidated input
  • Improper handling of database permissions
  • Hardcoded credentials or configuration values
  • CRUD Operations on Database Records Without DO TRANSACTION

 

Then came the question where can Progress OpenEdge and AI concepts meet? And the answer was LLMs. Large Language Models have demonstrated strong capabilities in:

  • Understanding programming language syntax and semantics
  • Identifying patterns associated with poor coding practices
  • Providing human-readable explanations and recommendations

 

So, the goal of this project was to explore whether LLMs could be effectively applied to Progress OpenEdge ABL, a language that is underrepresented in most AI training datasets.

 

Results and lessons learnt

 

The result was an Eclipse plugin that enables developers to upload Progress OpenEdge source files, which are then analyzed by a fine-tuned AI model in the backend. The model is trained specifically to understand the structure, syntax, and common security patterns in OpenEdge ABL code. The system demonstrated the ability to:

  • Detect potentially unsafe coding practices
  • Provide understandable explanations tailored to OpenEdge developers
  • Suggest security improvements rather than only pointing out problems

 

An important observation was that the quality of feedback improved after fine-tuning, confirming that domain-specific examples are critical when applying LLMs to niche languages. Here is a sample of how the plugin looks like:

 

 

I personally learnt a lot in the process, both about structures and practices in Progress code and about LLMs and fine-tuning. What I consider important is that this project demonstrates that AI-powered tools can help bridge the gap between security theory and everyday development practice.

 

Next destinations

 

One of the points that could be explored in the future is the model selection. I chose OpenAI and Llama given the resources I had, but there are other models that would perform better on my case because they are pre-trained specifically on code. Examples would be: StarCoder, DeepSeek-Coder, CodeQwen-Coder, CodeT5+. They could be considered next iteration on the project.

 

Ending thoughts

 

In conclusion, I think that Progress OpenEdge and security share a deeper relationship than is commonly assumed. While the platform provides strong security mechanisms, much of the responsibility lies in how developers write and maintain ABL code. By integrating AI directly into the development workflow, it becomes possible to identify hidden risks, encourage secure coding habits, and improve the overall security posture of OpenEdge applications.

Thank you for following me on this journey, and see you in the next ones!

 

 

 

 

Author: Diana Ciupeiu, Developer

Diana is a curious and well-organized person with a strong interest in continuous learning and personal growth. Creative by nature and eager to explore new challenges, she enjoys turning ideas into practice and is always looking for opportunities to improve her skills and gain experience.

SEE HOW WE WORK.

Get in touch
our services

FOLLOW US