Blog

Harnessing AI and proactive measures for effective management of vulnerability alerts

March 28, 2024
Secure Code Warrior

Recently I had the privilege of hosting a webinar where our very own CTO Matias Madou and with Mednd.io’s Sharon Kochevsky addressing Taking charge of vulnerability alerts. During the session they explored both the challenges and the solutions in handling security vulnerability alerts. In case you missed the webinar, here are a few key takeaways from their conversation. Of course, the webinar is also now on-demand here to get the full details. 

Impact of AI on security

Matias incorporated the analogy of self-driving cars to explain the current state of AI creating secure software. While self-driving cars can technically drive themselves they still face problems while on the road. For instance, he referenced one situation where self-driving cars encountered a problem on the road never encountered before and would ghost break as a result. Problems will come, and it’s the human technicians that need to resolve. Similarly, if developers blindly follow AI, errors in code and vulnerabilities could come into play.  

For AI to produce better output, Matias stressed the need for regularity and numerous good code examples to train developers on the AI models. While AI presently works well on generic frameworks, it falls short with real-world applications that operate on millions of code lines.

He further explained that seasoned developers could reap the benefits of generative AI for accelerated coding, but those not trained might pose a threat as they could reproduce and paste faulty codes at rapid pace. 

Shifting towards proactiveness

One topic that led the discussion was the shift towards proactive actions. Rather than keeping tabs on security issues, Sharon Kochevsky advocates for enterprises and AppSec programs to  take a more proactive approach with actual code fixes versus a reactive approach focused on security reporting. In line with Matias, he underscores the need to surpass purely administrative practices and focus on consequential outcomes. The panel also discussed primary areas of creating reports along with utilizing security products incorporated with real-time dashboards and issue tracking. 

Bridging the gap 

Sharon and Matias also identified a crucial problem that should get addressed: the disconnection between developers and security managers. Organizations and enterprises are now adding security champions to help bridge the gap. These are security pros located within the engineering team, and help promote proactive security measures.

Needless to say, we just scratched the surface on this topic and the conversation extends beyond these webinars; continuous discussion and engagement are crucial in our ever-evolving industry. If you would like to learn more or replay the session, it is now available on-demand.

Share on social
Lema

Govern AI-driven development before it ships

Measure AI-assisted risk, enforce secure coding policy at commit, and accelerate secure delivery across your SDLC.

book a demo
Lema

Explore more blogs

Lorem ipsum diam quis enim lobortis scelerisque fermentum dui faucibus in ornare quam viverra orci sagittis eu volutpat odio facilisis.

browse all
Case Study
Filter Label
This is some text inside of a div block.

Supercharged Security Awareness: How Tournaments are Inspiring Developers at Erste Group

Learn More
Case Study
Filter Label
This is some text inside of a div block.

Security as culture: How Blue Prism cultivates world-class secure developers

Learn how Blue Prism, the global leader in intelligent automation for the enterprise, used Secure Code Warrior's agile learning platform to create a security-first culture with their developers, achieve their business goals, and ship secure code at speed

Learn More
Case Study
Filter Label
This is some text inside of a div block.

One Culture of Security: How Sage built their security champions program with agile secure code learning

Discover how Sage enhanced security with a flexible, relationship-focused approach, creating 200+ security champions and achieving measurable risk reduction.

Learn More
Case Study
Filter Label
This is some text inside of a div block.

Enabler 2: Senior Leadership Sponsorship

Explore Enabler 2: Senior Leadership Sponsorship. Learn why active buy-in from the CIO, CTO, and CISO is vital to drive developer adoption and program credibility.

Learn More
Case Study
Filter Label
This is some text inside of a div block.

Observe and Secure the ADLC: A Four-Point Framework for CISOs and Development Teams Using AI

While development teams look to make the most of GenAI’s undeniable benefits, we’d like to propose a four-point foundational framework that will allow security leaders to deploy AI coding tools and agents with a higher, more relevant standard of security best practices. It details exactly what enterprises can do to ensure safe, secure code development right now, and as agentic AI becomes an even bigger factor in the future.

Learn More
Case Study
Filter Label
This is some text inside of a div block.

Cybermon Is Back: Beat the Boss AI Missions Now Available On Demand

Cybermon 2025 Beat the Boss is now available year-round in SCW. Deploy advanced AI/LLM security challenges to strengthen secure AI development at scale.

Learn More

Secure AI-driven development before it ships

See developer risk, enforce policy, and prevent vulnerabilities across your software development lifecycle.

book a demo
No items found.
No items found.