Abstract.
In today's world, software security is a critically important aspect of development. The increasing number of cyber threats and the complexity of software systems demand new approaches to ensuring security. This paper examines the application of artificial intelligence methods to assess and enhance the effectiveness of secure software development processes. The concepts of DevSecOps, the role of artificial intelligence in automating security processes, and metrics and methods for analyzing effectiveness using artificial intelligence are discussed. Practical application examples and recommendations for integrating artificial intelligence into development processes are provided.
Keywords:
information security, DevSecOps, artificial intelligence, software development, security testing, metrics, effectiveness assessment.
DOI 10.14357/20718632250104
EDN OTPTTR
PP. 39-52.