{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,15]],"date-time":"2026-06-15T22:30:36Z","timestamp":1781562636850,"version":"3.54.5"},"publisher-location":"New York, NY, USA","reference-count":41,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,10]],"date-time":"2024-07-10T00:00:00Z","timestamp":1720569600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7,10]]},"DOI":"10.1145\/3663529.3663829","type":"proceedings-article","created":{"date-parts":[[2024,7,10]],"date-time":"2024-07-10T19:43:13Z","timestamp":1720640593000},"page":"74-79","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["AgraBOT: Accelerating Third-Party Security Risk Management in Enterprise Setting through Generative AI"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-6257-8288","authenticated-orcid":false,"given":"Mert","family":"Toslali","sequence":"first","affiliation":[{"name":"IBM Research, Cambridge, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7802-350X","authenticated-orcid":false,"given":"Edward","family":"Snible","sequence":"additional","affiliation":[{"name":"IBM Research, Yorktown Heights, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-7023-4010","authenticated-orcid":false,"given":"Jing","family":"Chen","sequence":"additional","affiliation":[{"name":"IBM Research, Yorktown Heights, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-3294-6106","authenticated-orcid":false,"given":"Alan","family":"Cha","sequence":"additional","affiliation":[{"name":"IBM Research, Yorktown Heights, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-6747-8163","authenticated-orcid":false,"given":"Sandeep","family":"Singh","sequence":"additional","affiliation":[{"name":"IBM, Bengaluru, India"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-1006-5008","authenticated-orcid":false,"given":"Michael","family":"Kalantar","sequence":"additional","affiliation":[{"name":"IBM Research, Yorktown Heights, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-8203-1242","authenticated-orcid":false,"given":"Srinivasan","family":"Parthasarathy","sequence":"additional","affiliation":[{"name":"IBM Research, Yorktown Heights, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,7,10]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3558926"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/RE54965.2022.00011"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"crossref","unstructured":"Toufique Ahmed Supriyo Ghosh Chetan Bansal Thomas Zimmermann Xuchao Zhang and Saravan Rajmohan. 2023. Recommending Root-Cause and Mitigation Steps for Cloud Incidents using Large Language Models. arXiv preprint arXiv:2301.03797.","DOI":"10.1109\/ICSE48619.2023.00149"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3611643.3613887"},{"key":"e_1_3_2_1_5_1","unstructured":"Shared Assessments. [n. d.]. What is the SIG? https:\/\/sharedassessments.org\/about-sig\/"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623075"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3528588.3528663"},{"key":"e_1_3_2_1_8_1","volume-title":"ISO 27001 risk management and compliance. Risk management, 54, 1","author":"Brenner Joel","year":"2007","unstructured":"Joel Brenner. 2007. ISO 27001 risk management and compliance. Risk management, 54, 1 (2007), 24\u201329."},{"key":"e_1_3_2_1_9_1","first-page":"54","article-title":"SOC 2 breakdown: a five-part guide to understanding the service organization controls 2 report and its benefits","volume":"69","author":"Choe Vickie","year":"2012","unstructured":"Vickie Choe, David Taylor, and Aleksei Brizhik. 2012. SOC 2 breakdown: a five-part guide to understanding the service organization controls 2 report and its benefits. Internal Auditor, 69, 1 (2012), 54\u201359.","journal-title":"Internal Auditor"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616589"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510157"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.5555\/3361338.3361400"},{"key":"e_1_3_2_1_13_1","unstructured":"Yuanyuan Feng Abhilasha Ravichander Yaxing Yao Shikun Zhang Rex Chen Shomir Wilson and Norman Sadeh. 2023. Understanding How to Inform Blind and Low-Vision Users about Data Privacy through Privacy Question Answering Assistants. arXiv preprint arXiv:2310.08687."},{"key":"e_1_3_2_1_14_1","unstructured":"Yunfan Gao Yun Xiong Xinyu Gao Kangxiang Jia Jinliu Pan Yuxi Bi Yi Dai Jiawei Sun Qianyu Guo Meng Wang and Haofen Wang. 2024. Retrieval-Augmented Generation for Large Language Models: A Survey. arxiv:2312.10997."},{"key":"e_1_3_2_1_15_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Harkous Hamza","year":"2018","unstructured":"Hamza Harkous, Kassem Fawaz, R\u00e9mi Lebret, Florian Schaub, Kang G Shin, and Karl Aberer. 2018. Polisis: Automated analysis and presentation of privacy policies using deep learning. In 27th USENIX Security Symposium (USENIX Security 18). 531\u2013548."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3524610.3527893"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3616599"},{"key":"e_1_3_2_1_18_1","unstructured":"Huggingface. 2023. all-mpnet-base-v2. https:\/\/huggingface.co\/sentence-transformers\/all-mpnet-base-v2"},{"key":"e_1_3_2_1_19_1","unstructured":"Huggingface. 2023. Flan-T5. https:\/\/huggingface.co\/google\/flan-t5-xl"},{"key":"e_1_3_2_1_20_1","unstructured":"Huggingface. 2023. Flan-UL. https:\/\/huggingface.co\/google\/flan-ul2"},{"key":"e_1_3_2_1_21_1","unstructured":"IBM. 2023. Granite. https:\/\/www.ibm.com\/docs\/en\/cloud-paks\/cp-data\/4.8.x?topic=models-granite-13b-instruct-v2-model-card"},{"key":"e_1_3_2_1_22_1","unstructured":"IBM. 2023. Watson Discovery. https:\/\/www.ibm.com\/products\/watson-discovery"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3528588.3528662"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510203"},{"key":"e_1_3_2_1_25_1","volume-title":"Inferfix: End-to-end program repair with llms. arXiv preprint arXiv:2303.07263.","author":"Jin Matthew","year":"2023","unstructured":"Matthew Jin, Syed Shahriar, Michele Tufano, Xin Shi, Shuai Lu, Neel Sundaresan, and Alexey Svyatkovskiy. 2023. Inferfix: End-to-end program repair with llms. arXiv preprint arXiv:2303.07263."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"crossref","unstructured":"Brian Lester Rami Al-Rfou and Noah Constant. 2021. The Power of Scale for Parameter-Efficient Prompt Tuning. arxiv:2104.08691.","DOI":"10.18653\/v1\/2021.emnlp-main.243"},{"key":"e_1_3_2_1_27_1","unstructured":"Cheng Li Jindong Wang Yixuan Zhang Kaijie Zhu Wenxin Hou Jianxun Lian Fang Luo Qiang Yang and Xing Xie. 2023. Large Language Models Understand and Can be Enhanced by Emotional Stimuli. arxiv:2307.11760."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"crossref","unstructured":"Antoine Louis Gijs van Dijck and Gerasimos Spanakis. 2023. Interpretable Long-Form Legal Question Answering with Retrieval-Augmented Large Language Models. arXiv preprint arXiv:2309.17050.","DOI":"10.1609\/aaai.v38i20.30232"},{"key":"e_1_3_2_1_29_1","volume-title":"Littman","author":"MacGlashan James","year":"2023","unstructured":"James MacGlashan, Mark K Ho, Robert Loftin, Bei Peng, Guan Wang, David Roberts, Matthew E. Taylor, and Michael L. Littman. 2023. Interactive Learning from Policy-Dependent Human Feedback. arxiv:1701.06049."},{"key":"e_1_3_2_1_30_1","unstructured":"Meta. 2023. Llama. https:\/\/github.com\/facebookresearch\/llama\/blob\/main\/MODEL_CARD.md"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510079"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCEAI55464.2022.00151"},{"key":"e_1_3_2_1_33_1","unstructured":"Karmvir Singh Phogat Chetan Harsha Sridhar Dasaratha Shashishekar Ramakrishna and Sai Akhil Puranam. 2023. Zero-Shot Question Answering over Financial Documents using Large Language Models. arXiv preprint arXiv:2311.14722."},{"key":"e_1_3_2_1_34_1","unstructured":"Alec Radford Jeffrey Wu Rewon Child David Luan Dario Amodei and Ilya Sutskever. 2018. Language Models are Unsupervised Multitask Learners. https:\/\/d4mucfpksywv.cloudfront.net\/better-language-models\/language-models.pdf"},{"key":"e_1_3_2_1_35_1","volume-title":"Cybersecurity and Third-Party Risk","author":"Rasner Gregory C.","year":"1980","unstructured":"Gregory C. Rasner. 2021. Cybersecurity and Third-Party Risk. Wiley. isbn:9781119809555"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510457.3513030"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-SEIP52600.2021.00031"},{"key":"e_1_3_2_1_38_1","unstructured":"Karan Singhal Tao Tu Juraj Gottweis Rory Sayres Ellery Wulczyn Le Hou Kevin Clark Stephen Pfohl Heather Cole-Lewis and Darlene Neal. 2023. Towards expert-level medical question answering with large language models. arXiv preprint arXiv:2305.09617."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/RE.2019.00041"},{"key":"e_1_3_2_1_40_1","unstructured":"Streamlit Team. 2023. Streamlit. https:\/\/streamlit.io\/"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3611643.3613879"}],"event":{"name":"FSE '24: 32nd ACM International Conference on the Foundations of Software Engineering","location":"Porto de Galinhas Brazil","acronym":"FSE '24","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3663529.3663829","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3663529.3663829","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:44:21Z","timestamp":1750290261000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3663529.3663829"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,10]]},"references-count":41,"alternative-id":["10.1145\/3663529.3663829","10.1145\/3663529"],"URL":"https:\/\/doi.org\/10.1145\/3663529.3663829","relation":{},"subject":[],"published":{"date-parts":[[2024,7,10]]},"assertion":[{"value":"2024-07-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}