📝 Original Info
- Title: Software Vulnerability Management in the Era of Artificial Intelligence: An Industry Perspective
- ArXiv ID: 2512.18261
- Date: 2025-12-20
- Authors: M. Mehdi Kholoosi, Triet Huynh Minh Le, M. Ali Babar (Adelaide University)
📝 Abstract
Artificial Intelligence (AI) has revolutionized software development, particularly by automating repetitive tasks and improving developer productivity. While these advancements are well-documented, the use of AI-powered tools for Software Vulnerability Management (SVM), such as vulnerability detection and repair, remains underexplored in industry settings. To bridge this gap, our study aims to determine the extent of the adoption of AI-powered tools for SVM, identify barriers and facilitators to the use, and gather insights to help improve the tools to meet industry needs better. We conducted a survey study involving 60 practitioners from diverse industry sectors across 27 countries. The survey incorporates both quantitative and qualitative questions to analyze the adoption trends, assess tool strengths, identify practical challenges, and uncover opportunities for improvement. Our findings indicate that AI-powered tools are used throughout the SVM life cycle, with 69% of users reporting satisfaction with their current use. Practitioners value these tools for their speed, coverage, and accessibility. However, concerns about false positives, missing context, and trust issues remain prevalent. We observe a socio-technical adoption pattern in which AI outputs are filtered through human oversight and organizational governance. To support safe and effective use of AI for SVM, we recommend improvements in explainability, contextual awareness, integration workflows, and validation practices. We assert that these findings can offer practical guidance for practitioners, tool developers, and researchers seeking to enhance secure software development through the use of AI.
📄 Full Content
Software Vulnerability Management in the Era of Artificial Intelligence: An Industry Perspective
M. Mehdi Kholoosi, School of Computer Science and Information Technology, Adelaide University, Adelaide, Australia, mehdi.kholoosi@adelaide.edu.au
Triet Huynh Minh Le, School of Computer Science and Information Technology, Adelaide University, Adelaide, Australia, triet.h.le@adelaide.edu.au
M. Ali Babar, School of Computer Science and Information Technology, Adelaide University & Elevexai Systems, Adelaide, Australia, ali.babar@adelaide.edu.au
Abstract
Artificial Intelligence (AI) has revolutionized software development, particularly by automating repetitive tasks and improving developer productivity. While these advancements are well-documented, the use of AI-powered tools for Software Vulnerability Management (SVM), such as vulnerability detection and repair, remains underexplored in industry settings. To bridge this gap, our study aims to determine the extent of the adoption of AI-powered tools for SVM, identify barriers and facilitators to the use, and gather insights to help improve the tools to meet industry needs better. We conducted a survey study involving 60 practitioners from diverse industry sectors across 27 countries. The survey incorporates both quantitative and qualitative questions to analyze the adoption trends, assess tool strengths, identify practical challenges, and uncover opportunities for improvement. Our findings indicate that AI-powered tools are used throughout the SVM life cycle, with 69% of users reporting satisfaction with their current use. Practitioners value these tools for their speed, coverage, and accessibility. However, concerns about false positives, missing context, and trust issues remain prevalent. We observe a socio-technical adoption pattern in which AI outputs are filtered through human oversight and organizational governance. To support safe and effective use of AI for SVM, we recommend improvements in explainability, contextual awareness, integration workflows, and validation practices. We assert that these findings can offer practical guidance for practitioners, tool developers, and researchers seeking to enhance secure software development through the use of AI.
CCS Concepts
• Security and privacy → Vulnerability management; • Software and its engineering → Empirical software engineering.
Keywords
Software Vulnerability, Vulnerability Detection, Vulnerability Repair, Security Tools, Survey Study
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.
ICSE ’26, Rio de Janeiro, Brazil
© 2026 Copyright held by the owner/author(s). Publication rights licensed to ACM.
ACM Reference Format: M. Mehdi Kholoosi, Triet Huynh Minh Le, and M. Ali Babar. 2026. Software Vulnerability Management in the Era of Artificial Intelligence: An Industry Perspective. In Proceedings of 2026 IEEE/ACM International Conference on Software Engineering (ICSE ’26). ACM, New York, NY, USA, 13 pages.
1 Introduction
Software Vulnerabilities (SVs) are critical security issues that can result in cybercrime and substantial financial losses [55]. Beyond their immediate economic consequences, SVs can jeopardize data privacy and intellectual property, ultimately undermining an organization’s overall security posture [5]. The number and complexity of SVs have steadily increased, posing significant risks to software systems [32, 40]. Despite these growing threats, many SVs remain unpatched for prolonged periods, with half taking over a year to resolve [25, 41]. Tackling these challenges requires innovative automated techniques to alleviate the costly and time-consuming manual effort involved in managing SVs. Software Vulnerability Management (SVM) involves a comprehensive set of processes aimed at improving the security of software systems through the systematic detection, assessment, repair, and disclosure of SVs [16, 40]. These phases are collectively referred to as the SVM life cycle [36, 58], and we use this definition throughout this paper.

Recent studies have increasingly proposed Artificial Intelligence (AI)-powered tools to support the SVM life cycle. Among these, Deep Learning (DL) has emerged as a prominent trend, showing promising results for Software Engineering (SE) [39], including various SVM tasks. For instance, DL models have shown effectiveness in detecting and assessing SVs in different application domains [9, 42, 50, 67]. Unlike traditional static
…(Full text truncated)…