Generative Pre-Trained Transformers, Natural Language Processing and Artificial Intelligence and Machine Learning (AI/ML) in Software Vulnerability Management: automations in the Software Bill of Materials (SBOM) and the Vulnerability-Exploitability eXchange (VEX)

Petar Radanliev; David De Roure; Omar Santos

doi:10.20944/preprints202307.1303.v1

Submit preprint
How it Works
Instructions for Authors
Subject Areas
Advisory Board
screening preprints
About
Awards
Log in/Register

Instructions for Authors
Awards
About
FAQ
Submit Log in/Register

Share this article with

Create alert

Email:

Load new image

preprints.org > computer science and mathematics > artificial intelligence and machine learning > doi: 10.20944/preprints202307.1303.v1

Preprint Article Version 1 Preserved in Portico This version is not peer-reviewed

Generative Pre-Trained Transformers, Natural Language Processing and Artificial Intelligence and Machine Learning (AI/ML) in Software Vulnerability Management: automations in the Software Bill of Materials (SBOM) and the Vulnerability-Exploitability eXchange (VEX)

Petar Radanliev

^* ,

David De Roure

Omar Santos

Version 1 : Received: 19 July 2023 / Approved: 19 July 2023 / Online: 19 July 2023 (07:16:14 CEST)

How to cite: Radanliev, P.; De Roure, D.; Santos, O. Generative Pre-Trained Transformers, Natural Language Processing and Artificial Intelligence and Machine Learning (AI/ML) in Software Vulnerability Management: automations in the Software Bill of Materials (SBOM) and the Vulnerability-Exploitability eXchange (VEX). Preprints 2023, 2023071303. https://doi.org/10.20944/preprints202307.1303.v1 Radanliev, P.; De Roure, D.; Santos, O. Generative Pre-Trained Transformers, Natural Language Processing and Artificial Intelligence and Machine Learning (AI/ML) in Software Vulnerability Management: automations in the Software Bill of Materials (SBOM) and the Vulnerability-Exploitability eXchange (VEX). Preprints 2023, 2023071303. https://doi.org/10.20944/preprints202307.1303.v1

Cite

Export citation file: Bib TeX | RIS

MDPI and ACS Style

Radanliev, P.; De Roure, D.; Santos, O. Generative Pre-Trained Transformers, Natural Language Processing and Artificial Intelligence and Machine Learning (AI/ML) in Software Vulnerability Management: automations in the Software Bill of Materials (SBOM) and the Vulnerability-Exploitability eXchange (VEX). Preprints 2023, 2023071303. https://doi.org/10.20944/preprints202307.1303.v1

APA Style

Radanliev, P., De Roure, D., & Santos, O. (2023). Generative Pre-Trained Transformers, Natural Language Processing and Artificial Intelligence and Machine Learning (AI/ML) in Software Vulnerability Management: automations in the Software Bill of Materials (SBOM) and the Vulnerability-Exploitability eXchange (VEX). Preprints. https://doi.org/10.20944/preprints202307.1303.v1

Chicago/Turabian Style

Radanliev, P., David De Roure and Omar Santos. 2023 "Generative Pre-Trained Transformers, Natural Language Processing and Artificial Intelligence and Machine Learning (AI/ML) in Software Vulnerability Management: automations in the Software Bill of Materials (SBOM) and the Vulnerability-Exploitability eXchange (VEX)" Preprints. https://doi.org/10.20944/preprints202307.1303.v1

Abstract

One of the most burning topics in cybersecurity in 2023 will undoubtedly be the compliance with the Software Bill of Materials. Since the US president issued the Executive Order 14028 on Improving the Nation’s Cybersecurity, software developers have prepared and bills are transmitted to vendors, customers, and users, but they don’t know what to do with the reports they are getting. In addition, since software developers have identified the values of the Software Bill of Materials, they have been using the reports extensively. This article presents an estimate of 270 million requests per month, just from form one popular tool to one vulnerability index. This number is expected to double every year and a half. This simple estimate explains the urgency for automating the process. We propose solutions based on artificial intelligence and machine learning, and we base our tools on the existing FAIR principles (Findable, Accessible, Interoperable, and Reusable). This methodology is supported with a case study research and Grounded theory, for categorising data into axis, and for verifying the values of the tools with experts in the field. We showcase how to create, and share Vulnerability Exploitability eXchange data, and automate the Software Bill of Materials compliance process with AI models and a unified computational framework combining solutions for the following problems: (1) the data utilisation problem, (2) the automation and scaling problem, (3) the naming problem, (4) the alignment problem, (5) the pedigree, and provenance problem, and many other problems that are on the top of mind for many security engineers at present. The uptake of these findings will depend on collaborations with government and industry, and on the availability and the ease of use of automated tools.

Keywords

Artificial Intelligence and Machine Learning (AI/ML); Cyber vulnerability management; Software Bill of Materials (SBOM); Vulnerability-Exploitability eXchange (VEX); Common Security Advisory Framework (CSAF); Software Supply Chain Cyber Risk

Subject

Computer Science and Mathematics, Artificial Intelligence and Machine Learning

Copyright: This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Download PDF

Comments (0)

Not displayed online.

Importance: How significant is the paper to the field?

Outstanding/highlight paper

Significant contribution

Incremental contribution

No contribution

I am not qualified to judge

Soundness of evidence/arguments presented:

Conclusions well supported

Most conclusions supported (minor revision needed)

Incomplete evidence (major revision needed)

Hypothesis, unsupported conclusions, or proof-of-principle

I am not qualified to judge

Please leave your comment to this article below.

Mathematical equations can be typed in either LaTeX formats \\[ ... \\] or $$ ... $$, or MathML format <math> ... </math>. Try the LaTeX or MathML example.

Type equation:

Preview:

Copy equation into message below

Close menu

Please click a symbol to insert it into the message box below:

Please enter the link here:

Please enter a valid URL

Optionally, you can enter text that should appear as linked text:

Copy link into message below

Close menu

Please enter or paste the URL to the image here (please only use links to jpg/jpeg, png and gif images):

Please enter a valid URL

Copy image into message below

Close menu

Type author name or keywords to filter the list of references in this group (you can add a new citation under Bibliography):

No existing citations in Discussion Group

Wikify editor is a simple editor for wiki-style mark-up. It was written by MDPI for Sciforum in 2014. The rendering of the mark-up is based on Wiky.php with some tweaks. Rendering of mathematical equations is done with MathJax. Please send us a message for support or for reporting bugs.

Close menu

Please declare any conflicts of interest you may have with this paper, financial or otherwise.

I do not have a conflict of interest

I would like to declare a conflict of interest

Display my name on the website Send my name and email address to the authors

Captcha

Renew

I accept the following conditions:

Comments must follow the standards of professional discourse and should focus on the scientific content of the article. Insulting or offensive language, personal attacks and off-topic remarks will not be permitted. Comments must be written in English. Preprints reserves the right to remove comments without notice. Readers who post comments are obliged to declare any competing interests, financial or otherwise.

We encourage comments and feedback from a broad range of readers. See criteria for comments and our Diversity statement.

Leave a public comment
Send a private comment to the author(s)

* All users must log in before leaving a comment

what’s this?

Add a record of this review to Publons to track and showcase your reviewing expertise across the world’s journals.

Downloads 0

Comments 0

Metrics 0

Get PDF Cite Share 0

Bookmark BibSonomy Mendeley Reddit Delicious

Alerts

Notify me about updates to this article or when a peer-reviewed version is published.

Preprints.org is a free preprint server subsidized by MDPI in Basel, Switzerland.

MDPI Initiatives

SciProfiles
Sciforum
Encyclopedia
MDPI Books
Scilit
Proceedings
JAMS

Important links

How it Works
Advisory Board
FAQ
Friendly Journals
Instructions for Authors
About
Statistics

Choose the area that interest you and we will send you notifications of new preprints at your preferred frequency.

Disclaimer

We use cookies on our website to ensure you get the best experience.
Read more about our cookies here.

RSS feed for

Preprints: The Multidisciplinary Preprint Platform

Paste the URL in your RSS reader:

https://www.preprints.org/rss

If you want to subscribe our website in subject-wide, you could find the URL by choosing in the following:

https://www.preprints.org/rss

Please note that by using ScienceDirect RSS feeds, you agree to our Terms of Use and Privacy Policy.