Skip to Main content Skip to Navigation
Conference papers

Fighting N-Day Vulnerabilities with Automated CVSS Vector Prediction at Disclosure

Abstract : The Common Vulnerability Scoring System (CVSS) is the industry standard for describing the characteristics of a software vulnerability and measuring its severity. However, during the first days after a vulnerability disclosure, the initial human readable description of the vulnerability is not available as a machine readable CVSS vector yet. This situation creates a period of time when only expensive manual analysis can be used to react to new vulnerabilities because no data is available for cheaper automated analysis yet. We present a new technique based on linear regression to automatically predict the CVSS vector of newly disclosed vulnerabilities using only their human readable descriptions, with a strong emphasis on decision explicability. Our experimental results suggest real world applicability.
Document type :
Conference papers
Complete list of metadata

Cited literature [23 references]  Display  Hide  Download
Contributor : Clément Elbaz Connect in order to contact the contributor
Submitted on : Friday, July 10, 2020 - 11:14:46 AM
Last modification on : Saturday, August 6, 2022 - 3:32:53 AM
Long-term archiving on: : Monday, November 30, 2020 - 7:34:17 PM


Files produced by the author(s)


  • HAL Id : hal-02895913, version 1


Clément Elbaz, Louis Rilling, Christine Morin. Fighting N-Day Vulnerabilities with Automated CVSS Vector Prediction at Disclosure. ARES 2020 - International Conference on Availability, Reliability and Security, Aug 2020, Virtual Event, Ireland. pp.1-10. ⟨hal-02895913⟩



Record views


Files downloads