CRAIET · Dec 26, 2024

Integrating Artificial Open Generative Artificial Intelligence into Software Supply Chain Security

arXiv:2412.19088v1 · 2 citations · h-index: 37 · 2024 5th International Conference on Data Analytics for Business and Industry (ICDABI)

Originality: Synthesis-oriented

AI Analysis

This work addresses security challenges in software supply chains for developers and organizations, but it is incremental: it builds on existing LLM applications without a major breakthrough.

The paper tackles software supply chain security by testing open Large Language Models (LLMs) on source code language errors and deprecated code. It finds that while LLMs show potential to replace conventional scanners, they are limited by memory complexity and by their handling of unfamiliar data patterns.

While new technologies emerge, human errors are always looming. As the software supply chain becomes increasingly complex and intertwined, the security of a service has become paramount to ensuring the integrity of products, safeguarding data privacy, and maintaining operational continuity. In this work, we conducted experiments applying promising open Large Language Models (LLMs) to two main software security challenges: source code language errors and deprecated code, with a focus on their potential to replace conventional static and dynamic security scanners that rely on predefined rules and patterns. Our findings suggest that while LLMs produce some unexpected results, they also encounter significant limitations, particularly in memory complexity and in the handling of new and unfamiliar data patterns. Despite these challenges, the proactive application of LLMs, coupled with extensive security databases and continuous updates, holds the potential to fortify Software Supply Chain (SSC) processes against emerging threats.
