Basic Concept: Balancing automation with human oversight in vulnerability management requires understanding where AI adds efficiency and where human judgment is irreplaceable. CompTIA SecAI+ Study Guide emphasizes human-in-the-loop principles for high-stakes security decisions, particularly code changes in production systems.
Why A is Correct: Having AI handle triage and ticket creation leverages its ability to rapidly process and categorize large volumes of vulnerability findings, while requiring a software engineer to review and merge code changes maintains essential human oversight for production deployments. This balance maximizes automation benefits (faster triage at scale) while ensuring that actual code modifications to a million-line codebase receive appropriate human review before deployment.
Why B is Wrong: Having humans triage but AI merge code reverses the appropriate division. Manual triage of millions of lines worth of vulnerabilities is where the bottleneck exists. Allowing AI to autonomously merge code changes without human code review oversight creates unacceptable risk of introducing defects or vulnerabilities.
Why C is Wrong: Full manual triage and manual merging eliminates AI automation entirely, failing to address the speed requirement for reducing mean time to fix in a large codebase.
Why D is Wrong: Full AI automation including merging code changes removes essential human oversight from production code deployment. In a million-line codebase, autonomous AI code merging without human review could introduce critical errors or security vulnerabilities.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit