Abstract
Based on interviews with 28 organizations, we found that industrypractitioners are not equipped with tactical and strategic tools to protect,detect and respond to attacks on their Machine Learning (ML) systems. Weleverage the insights from the interviews and we enumerate the gaps inperspective in securing machine learning systems when viewed in the context oftraditional software security development. We write this paper from theperspective of two personas: developers/ML engineers and security incidentresponders who are tasked with securing ML systems as they are designed,developed and deployed ML systems. The goal of this paper is to engageresearchers to revise and amend the Security Development Lifecycle forindustrial-grade software in the adversarial ML era.