Using LLMs to Adjudicate Static-Analysis Alerts
| dc.contributor.author | Flynn, Lori | |
| dc.contributor.author | Klieber, Will | |
| dc.date.accessioned | 2024-12-26T21:11:33Z | |
| dc.date.available | 2024-12-26T21:11:33Z | |
| dc.date.issued | 2025-01-07 | |
| dc.description.abstract | Software analysts use static analysis as a standard method to evaluate the source code for potential vulnerabilities, but the volume of findings is often too large to review in their entirety, causing the users to accept unknown risk. Large Language Models (LLMs) are a new technology with promising initial results for automation of alert adjudication and rationales. This has the potential to enable more secure code, support mission effectiveness, and reduce support costs. This paper discusses techniques for using LLMs to handle static analysis output, initial tooling we developed, and our experimental results from tests using GPT-4 and Llama 3. | |
| dc.format.extent | 10 | |
| dc.identifier.doi | 10.24251/HICSS.2025.903 | |
| dc.identifier.isbn | 978-0-9981331-8-8 | |
| dc.identifier.other | 5358ac67-1c4d-447f-8364-dfc647a8ff15 | |
| dc.identifier.uri | https://hdl.handle.net/10125/109755 | |
| dc.relation.ispartof | Proceedings of the 58th Hawaii International Conference on System Sciences | |
| dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 International | |
| dc.rights.uri | https://creativecommons.org/licenses/by-nc-nd/4.0/ | |
| dc.subject | Use of LLMs for Program Analysis and Generation | |
| dc.subject | cybersecurity, llm, software | |
| dc.title | Using LLMs to Adjudicate Static-Analysis Alerts | |
| dc.type | Conference Paper | |
| dc.type.dcmi | Text | |
| prism.startingpage | 7554 |
Files
Original bundle
1 - 1 of 1