Author Topic: Researchers create system that predicts vulnerability severity from tweets  (Read 1387 times)

0 Members and 1 Guest are viewing this topic.

Offline Antus67

  • Full Member
  • ***
  • Posts: 94
    • View Profile
BY:  Zeljka Zorz, Managing EditorMarch 8, 2019

To what extent do users’ opinions about threat severity expressed online align with expert judgments and can these opinions provide an early indicator to help prioritize threats based on their severity?

A group of researchers from Ohio State University, Leidos and FireEye wanted to answer those questions, so they:

    Annotated a collection of tweets describing software vulnerabilities with opinions on threat severity
    Matched tweets to NVD records, i.e. CVEs (by using CVE numbers in the URL or web pages linked in the tweets)
    Defined a severity forecast score and a threat severity classifier to assign it (before the NVD publication date)
    Waited for the official CVSS severity score to be announced and compared it with their forecasted score, to see whether their models’ performance at identifying severe threats was precise enough.

Full Article Here: