CRAILG · Jan 22, 2021

On managing vulnerabilities in AI/ML systems

arXiv:2101.10865v1 · 22 citations
Originality: Synthesis-oriented
AI Analysis

The paper addresses the problem of managing vulnerabilities in AI/ML systems for security practitioners and researchers, but its contribution is incremental: it proposes a thought experiment rather than a new solution.

This paper explores how vulnerability management could adapt to include machine learning systems by considering the assignment of Common Vulnerabilities and Exposures (CVE) identifiers to ML flaws, aiming to bridge communication gaps between academic research and operational communities.

This paper explores how the current paradigm of vulnerability management might adapt to include machine learning systems through a thought experiment: what if flaws in machine learning (ML) were assigned Common Vulnerabilities and Exposures (CVE) identifiers (CVE-IDs)? We consider both ML algorithms and model objects. The hypothetical scenario is structured around exploring the changes to the six areas of vulnerability management: discovery, report intake, analysis, coordination, disclosure, and response. While algorithm flaws are well-known in the academic research community, there is no apparent clear line of communication between this research community and the operational communities that deploy and manage systems that use ML. The thought experiments identify some ways in which CVE-IDs may establish some useful lines of communication between these two communities. In particular, it would start to introduce the research community to operational security concepts, which appears to be a gap left by existing efforts.
