The software supply chain is vital to the modern world and requires robust security to keep it safe. Securing it is complicated, however, because it is a widespread and disparate mix of open-source code and tools. AI tools such as ChatGPT and other large language models (LLMs) are improving the security of software supply chains. Such models can quickly identify vulnerabilities in code and learn to detect new ones as they appear. They can also speed up testing and automate compliance monitoring.
Rootstrap’s ML Lead, Mikaela Pisani-Leal, says that these new technologies offer exciting possibilities for improving software security. And Tabnine’s Lead Solutions Architect Marshall Jung adds that AI can be used to patch vulnerabilities in open-source code, as well as educate developers about security best practices, saving time and resources.
Jason Kent, Hacker in Residence at API security platform Cequence Security, conducted a trial using the open-source project and ChatGPT. The AI tool identified a potential security issue in the code that could have led to SQL injection attacks. It also provided an example of the best way to address the problem: using prepared statements and parameterized queries so that user input is never interpreted as part of the SQL statement.
AI tools are therefore becoming key to securing the software supply chain. On July 11th-12th, industry leaders will gather in San Francisco to present success stories, discuss best practices and strategies, and share insights on how to integrate and optimize AI investments.
Endor Labs is a platform for developing open-source tools, including its popular DroidGPT, which provides a risk score that reflects the quality, popularity, trustworthiness and security of each software package.
Cequence Security is an API security platform that provides visibility into the state of an organization's APIs and has experience in both AI and cybersecurity. It focuses on identifying threats to application security and providing the insight needed to fix them.
Now more than ever, it is important that measures are taken to ensure the security of the software supply chain. AI tools are leading this effort and making a world of difference.