Enhancing Vulnerability Management with Artificial Intelligence Algorithms
The rising number of vulnerabilities highlights the growing cybersecurity challenges and the need for robust vulnerability management. This paper examines the role of Artificial Intelligence in enhancing vulnerability detection and management, focusing on scalable and accurate solutions to address large-scale codebase analysis. AI-driven techniques bridge traditional static analysis and advanced detection, uncovering hidden vulnerabilities and improving efficiency. Future research should optimize these tools for diverse languages, Secure Software Development Life Cycle workflows, and predictive threat analysis. These advancements highlight AI's potential to strengthen software security in an increasingly complex threat landscape.