Logo des Repositoriums
 
Workshopbeitrag

ChatSEC - Towards Enhancing Security Vulnerability Reports for Non-Experts

Lade...
Vorschaubild

Volltext URI

Dokumententyp

Text/Workshop Paper

Zusatzinformation

Datum

2024

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Verlag

Gesellschaft für Informatik e.V.

Zusammenfassung

Due to the self-governing, heterogeneous structure, the enforcement of IT-security policies at universities is different from that in business and industry. Fast pacing positional changes and limited IT knowledge result in lost information of systems, configurations and responsibilities. Different needs of the research groups require locally managed IT systems that are not under control of the IT department. In this paper, we describe ChatSEC our approach to help local system admins to close security vulnerabilities. ChatSEC improves vulnerability reports generated by a security appliance. In particular, we utilize AI to intuitively explain vulnerability reports. We also integrate the threat intelligence and mitigation steps needed to understand and close the vulnerabilities. The focus of this paper is on implementation options. Our preliminary findings are essentially positive: Key components can be readily implemented, and have the potential to greatly support local system administrators.

Beschreibung

Hoffmann, Mario; Buchmann, Erik (2024): ChatSEC - Towards Enhancing Security Vulnerability Reports for Non-Experts. Mensch und Computer 2024 - Workshopband. DOI: 10.18420/muc2024-mci-ws13-144. Gesellschaft für Informatik e.V.. MCI-WS13: Workshop Mensch-Maschine-Interaktion in sicherheitskritischen Systemen. Karlsruhe. 1.-4. September 2024

Schlagwörter

Zitierform

Tags