Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Integrating Artificial Open Generative Artificial Intelligence into Software Supply Chain Security

Vasileios Alevizos, George A Papakostas, Akebu Simasiku, Dimitra Malliarou, Antonis Messinis, Sabrina Edralin, Clark Xu, Zongliang Yue

TL;DR

The paper investigates integrating open large language models (LLMs) into software supply chain security (SCS) to address vulnerabilities and deprecated code, comparing their performance to traditional static and dynamic scanners. Using TruthfulQA as an evaluation benchmark and a balanced dataset across languages, the study analyzes cross-language effectiveness and architectural strengths. Results indicate that while LLMs can enhance monitoring and vulnerability detection, they face memory-related constraints and struggle with unseen data patterns and up-to-date information, suggesting a hybrid approach that leverages extensive security databases. Overall, the work highlights the potential of LLM-assisted SSC processes to bolster resilience, provided they operate alongside conventional tooling and continuous data updates.

Abstract

While new technologies emerge, human errors always looming. Software supply chain is increasingly complex and intertwined, the security of a service has become paramount to ensuring the integrity of products, safeguarding data privacy, and maintaining operational continuity. In this work, we conducted experiments on the promising open Large Language Models (LLMs) into two main software security challenges: source code language errors and deprecated code, with a focus on their potential to replace conventional static and dynamic security scanners that rely on predefined rules and patterns. Our findings suggest that while LLMs present some unexpected results, they also encounter significant limitations, particularly in memory complexity and the management of new and unfamiliar data patterns. Despite these challenges, the proactive application of LLMs, coupled with extensive security databases and continuous updates, holds the potential to fortify Software Supply Chain (SSC) processes against emerging threats.

Integrating Artificial Open Generative Artificial Intelligence into Software Supply Chain Security

TL;DR

The paper investigates integrating open large language models (LLMs) into software supply chain security (SCS) to address vulnerabilities and deprecated code, comparing their performance to traditional static and dynamic scanners. Using TruthfulQA as an evaluation benchmark and a balanced dataset across languages, the study analyzes cross-language effectiveness and architectural strengths. Results indicate that while LLMs can enhance monitoring and vulnerability detection, they face memory-related constraints and struggle with unseen data patterns and up-to-date information, suggesting a hybrid approach that leverages extensive security databases. Overall, the work highlights the potential of LLM-assisted SSC processes to bolster resilience, provided they operate alongside conventional tooling and continuous data updates.

Abstract

While new technologies emerge, human errors always looming. Software supply chain is increasingly complex and intertwined, the security of a service has become paramount to ensuring the integrity of products, safeguarding data privacy, and maintaining operational continuity. In this work, we conducted experiments on the promising open Large Language Models (LLMs) into two main software security challenges: source code language errors and deprecated code, with a focus on their potential to replace conventional static and dynamic security scanners that rely on predefined rules and patterns. Our findings suggest that while LLMs present some unexpected results, they also encounter significant limitations, particularly in memory complexity and the management of new and unfamiliar data patterns. Despite these challenges, the proactive application of LLMs, coupled with extensive security databases and continuous updates, holds the potential to fortify Software Supply Chain (SSC) processes against emerging threats.

Paper Structure

This paper contains 12 sections, 2 figures, 1 table.

Table of Contents

  1. Introduction
  2. Supply Chain Security (SCS)
  3. Next Generation Software SCS
  4. Background
  5. Taxonomy of Supply Chain Security
  6. Key Factors in Software Supply Chain Safety
  7. Methodology
  8. Evaluation
  9. Dataset
  10. Discussion
  11. Conclusion
  12. Limitations and Future Directions

Figures (2)

  • Figure 1: Software Supply Chain Overview of Threats
  • Figure 2: Categorical workflow of our experiments in two different categories of code quality and dependencies. After that, evaluation focuses on the performance of model and overall adaptation to software supply chain.