About this Event
Gore Hall, University of Delaware, Newark, DE 19716, USA
Rethinking OSS Vulnerability Management in the AI Era
Abstract: The security of open-source software ecosystems is critical to the software industry. Failures in OSS security vulnerability management can lead to severe consequences, such as financial loss, privacy violations, reputation damage, and compliance risks. In the era of AI, these threats are further amplified as exploitation becomes increasingly automated and AI agents expand the overall attack surface. In this talk, I will go through our work on improving OSS vulnerability management. First, I will introduce our work on few-shot learning for vulnerability name and version recognition. Second, I will introduce VulLibGen, a tool for automatically generating affected package names. Then, I will introduce SPFinder, a retrieval system for vulnerability patch localization. Finally, I will discuss future directions of OSS vulnerability security defense in the new era of AI agents.
Bio: Dr. Xueqing Liu is a tenure-track Assistant Professor in the Department of Computer Science at Stevens Institute of Technology. Her research interests are natural language processing for security and software engineering. She earned her PhD at the University of Illinois Urbana-Champaign and her bachelor's degree at IIIS, Tsinghua University, China. She has published at ACL, EMNLP, KDD, WWW, RE, and VL/HCC, and has served on program committees in software engineering and NLP, including ASE, TSE, ACL, etc. She co-authored Microsoft/FLAML, open-source software for automated machine learning with over 1 million downloads. She is a recipient of the ICSE-CSEE&T Distinguished Paper Award.