The potential of LLM-generated reports in DevSecOps

Nikolaos Lykousas, Vasileios Argyropoulos, Fran Casino
2024-10-03
Abstract: Alert fatigue is a common issue faced by software teams using the DevSecOps paradigm. The overwhelming number of warnings and alerts generated by security and code scanning tools, particularly in smaller teams where resources are limited, leads to desensitization and diminished responsiveness to security warnings, potentially exposing systems to vulnerabilities. This paper explores the potential of LLMs in generating actionable security reports that emphasize the financial impact and consequences of detected security issues, such as credential leaks, if they remain unaddressed. A survey conducted among developers indicates that LLM-generated reports significantly enhance the likelihood of immediate action on security issues by providing clear, comprehensive, and motivating insights. Integrating these reports into DevSecOps workflows can mitigate attention saturation and alert fatigue, ensuring that critical security warnings are addressed effectively.
Cryptography and Security, Artificial Intelligence, Software Engineering
What problem does this paper attempt to address?
The main problem this paper attempts to solve is **alert fatigue**, specifically as experienced by software teams working under the DevSecOps (Development, Security, and Operations) paradigm. The paper focuses on using large language models (LLMs) to generate actionable security reports that raise developers' response rates and their willingness to act on security warnings.

### Specific manifestations of the problem

1. **Alert overload**: The large volume of warnings and alerts produced by security and code-scanning tools is hard for development teams to manage, especially in small teams with limited resources.
2. **Sluggish response**: Faced with too many alerts, developers become desensitized to security warnings and may overlook the ones that genuinely matter.
3. **Misaligned priorities**: Under pressure to deploy quickly, developers tend to prioritize functional requirements over security findings, so real vulnerabilities go unfixed.
4. **Unclear financial impact**: Developers often do not understand the financial losses and other consequences an unresolved security issue (for example, a leaked credential) can cause, so they lack the motivation to fix it.

### Solutions proposed in the paper

The paper proposes using LLMs to generate detailed, actionable security reports. Beyond describing the detected issue, these reports assess the financial impact and the likely consequences if the issue is left unaddressed. Reports generated this way are intended to:

- **Enhance clarity**: Provide clear and comprehensive information that helps developers understand how severe the problem is.
- **Boost motivation**: Emphasize the financial impact so that developers are motivated to fix the vulnerability immediately.
- **Alleviate alert fatigue**: Reduce ineffective or repetitive alerts so that critical security warnings are taken seriously and acted on.

### Method verification

To validate the approach, the authors surveyed 23 developers, asking them to compare LLM-generated reports with the output of existing security tools. The results show that LLM-generated reports are markedly better at increasing developers' willingness to act; the reports generated by ChatGPT in particular were rated as clearer and more persuasive.

### Conclusion

The paper's findings indicate that integrating LLM-generated reports into the DevSecOps workflow can substantially reduce alert fatigue and effectively motivate developers to deal with security issues promptly. Although questions of trust in LLM output remain, the approach offers a new direction and a practical tool for future DevSecOps practice.
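The paper does not publish its report-generation pipeline, so the following is an added example, not the authors' code, of the two mechanics its "Solutions" section relies on: collapsing repetitive scanner alerts into one ranked finding per leak, and turning those findings into a prompt that asks an LLM for consequence- and cost-focused remediation text. The scanner output format, the `RULE_CONTEXT` severity table and all sample findings are constructed for illustration.

```python
"""Added example: deduplicate secret-scanner findings and build an impact-focused
LLM prompt from them.  Nothing here is taken from the paper's own tooling; the
finding format, rule metadata and sample data are constructed for illustration."""
import hashlib
import json
from collections import defaultdict

# Constructed sample findings in the shape a secret scanner might emit once per push.
SAMPLE_FINDINGS = [
    {"rule": "aws-access-key", "file": "config/prod.env", "line": 3, "commit": "a1b2c3"},
    {"rule": "aws-access-key", "file": "config/prod.env", "line": 3, "commit": "d4e5f6"},
    {"rule": "aws-access-key", "file": "config/prod.env", "line": 3, "commit": "0a1b2c"},
    {"rule": "github-pat", "file": "scripts/deploy.sh", "line": 12, "commit": "d4e5f6"},
    {"rule": "generic-api-key", "file": "tests/fixtures/sample.json", "line": 40, "commit": "0a1b2c"},
]

# Constructed per-rule context (hypothetical values); in practice this would come from
# the scanner's rule metadata and the organisation's own risk model.
RULE_CONTEXT = {
    "aws-access-key": {"severity": 3, "note": "grants API access to the cloud account; abuse usually appears as unexpected compute or egress charges"},
    "github-pat": {"severity": 2, "note": "lets an attacker read or modify every repository the token can reach"},
    "generic-api-key": {"severity": 1, "note": "scope unknown; may be a test fixture and needs confirmation"},
}


def fingerprint(finding):
    """Stable identity for a leak: the same rule at the same file and line is the same
    finding regardless of which commit the scanner flagged it in."""
    key = f"{finding['rule']}|{finding['file']}|{finding['line']}"
    return hashlib.sha256(key.encode()).hexdigest()[:12]


def aggregate(findings):
    """Collapse repeated alerts into one entry per leak, recording how often it was
    re-flagged and in which commits, then rank by severity and repeat count so the
    loudest genuine issue comes first instead of being buried under its own duplicates."""
    groups = defaultdict(lambda: {"count": 0, "commits": []})
    for f in findings:
        g = groups[fingerprint(f)]
        g.update(rule=f["rule"], file=f["file"], line=f["line"])
        g["count"] += 1
        if f["commit"] not in g["commits"]:
            g["commits"].append(f["commit"])
    return sorted(
        groups.values(),
        key=lambda g: (-RULE_CONTEXT[g["rule"]]["severity"], -g["count"]),
    )


def build_prompt(ranked):
    """Render the deduplicated findings into the instruction an LLM would receive.
    The prompt asks for attacker capability, the cost of leaving the issue unfixed,
    and concrete remediation, which is the framing the paper reports as motivating."""
    lines = [
        "You are writing a short security report for a development team.",
        "For each finding below state (1) what an attacker could do with it,",
        "(2) the likely financial and operational consequence if it stays unfixed,",
        "(3) concrete remediation steps (revoke, rotate, purge from history).",
        "Be specific and brief; do not repeat findings.",
        "",
    ]
    for i, g in enumerate(ranked, 1):
        ctx = RULE_CONTEXT[g["rule"]]
        lines.append(
            f"{i}. {g['rule']} at {g['file']}:{g['line']} "
            f"(present in {len(g['commits'])} commits, flagged {g['count']} times). {ctx['note']}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    ranked = aggregate(SAMPLE_FINDINGS)
    print(json.dumps(ranked, indent=2))
    print(build_prompt(ranked))
```

Run stand-alone, the five raw alerts collapse to three findings, with the AWS key that was re-flagged on every push listed first; the prompt is what would be sent to the model, and the model's answer, not this code, supplies the financial framing. Treat the returned text as untrusted content from the security-tool side as well: it should be reviewed before it reaches a ticket or chat channel, which is the trust concern the paper itself notes.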