Bridging the Gap: A Study of AI-based Vulnerability Management between Industry and Academia
arXiv (2024)
Abstract
Recent research advances in Artificial Intelligence (AI) have yielded
promising results for automated software vulnerability management. AI-based
models are reported to greatly outperform traditional static analysis tools,
indicating a substantial workload relief for security engineers. However, the
industry remains very cautious and selective about integrating AI-based
techniques into their security vulnerability management workflow. To understand
the reasons, we conducted a discussion-based study, anchored in the authors'
extensive industrial experience and keen observations, to uncover the gap
between research and practice in this field. We empirically identified three
main barriers preventing the industry from adopting academic models, namely,
complicated requirements of scalability and prioritization, limited
customization flexibility, and unclear financial implications. Meanwhile,
research works are significantly impacted by the lack of extensive real-world
security data and expertise. We proposed a set of future directions to help
better understand industry expectations, improve the practical usability of
AI-based security vulnerability research, and drive a synergistic relationship
between industry and academia.