Recent research advances in Artificial Intelligence (AI) have yielded promising results for automated software vulnerability management. AI-based models are reported to greatly outperform traditional static analysis tools, indicating a substantial workload relief for security engineers. However, the industry remains very cautious and selective about integrating AI-based techniques into their security vulnerability management workflow. To understand the reasons, we conducted a discussion-based study, anchored in the authors' extensive industrial experience and keen observations, to uncover the gap between research and practice in this field. We empirically identified three main barriers preventing the industry from adopting academic models, namely, complicated requirements of scalability and prioritization, limited customization flexibility, and unclear financial implications. Meanwhile, research works are significantly impacted by the lack of extensive real-world security data and expertise. We proposed a set of future directions to help better understand industry expectations, improve the practical usability of AI-based security vulnerability research, and drive a synergistic relationship between industry and academia.