
Authors:
Publication Year:
2024
Publisher:
İKSAD Yayınları
ISBN:
978-625-378-092-0

5th INTERNATIONAL CONGRESS ON KHAZAR SCIENTIFIC RESEARCH AND INNOVATION
OPEN SOURCE VULNERABILITY TRACKING AND AI-BASED RECOMMENDATION SYSTEM

Abstract:
(AI):
Open Source Software (OSS) is the backbone of modern digital infrastructure, powering applications across industries from finance to healthcare. Despite its advantages, OSS faces significant security risks due to vulnerabilities that can expose systems to cyberattacks. The transparency and collaborative nature of OSS make it particularly susceptible to exploitation, highlighting the need for effective vulnerability management. Current tools for identifying and mitigating these vulnerabilities often fall short in providing actionable insights, prioritization, or context-aware recommendations. This study proposes a novel AI-based recommendation system integrated with a comprehensive vulnerability tracking framework to address these challenges. By leveraging advanced machine learning (ML) models and natural language processing (NLP) techniques, the system automates the processes of identifying, classifying, and prioritizing vulnerabilities in OSS projects. Additionally, the system offers targeted remediation recommendations tailored to the specific context of a project, helping developers and organizations streamline their workflows and focus on critical issues. The framework’s performance was evaluated through real-world case studies and benchmarked against existing vulnerability management tools. Results indicate significant improvements in detection accuracy, mean time to detect (MTTD), and mean time to remediate (MTTR) vulnerabilities. The system also demonstrated scalability and adaptability across various OSS ecosystems, enhancing both efficiency and reliability in vulnerability management. The findings emphasize the transformative potential of AI in OSS security, bridging the gap between open-source adoption and security assurance. By addressing critical limitations of current tools, this system empowers developers and organizations to adopt OSS confidently, with improved security and reduced risks. 
Future research aims to expand the system's capabilities, further integrating dynamic threat intelligence and user feedback.