Workshopbeitrag
ChatSEC - Towards Enhancing Security Vulnerability Reports for Non-Experts
Vorschaubild nicht verfügbar
Volltext URI
Dokumententyp
Text/Workshop Paper
Zusatzinformation
Datum
2024
Autor:innen
Zeitschriftentitel
ISSN der Zeitschrift
Bandtitel
Verlag
Gesellschaft für Informatik e.V.
Zusammenfassung
Due to the self-governing, heterogeneous structure, the enforcement of IT-security policies at universities is different from that in business and industry. Fast pacing positional changes and limited IT knowledge result in lost information of systems, configurations and responsibilities. Different needs of the research groups require locally managed IT systems that are not under control of the IT department. In this paper, we describe ChatSEC our approach to help local system admins to close security vulnerabilities. ChatSEC improves vulnerability reports generated by a security appliance. In particular, we utilize AI to intuitively explain vulnerability reports. We also integrate the threat intelligence and mitigation steps needed to understand and close the vulnerabilities. The focus of this paper is on implementation options. Our preliminary findings are essentially positive: Key components can be readily implemented, and have the potential to greatly support local system administrators.