BF–Based ML/AI Systems
Irena Bojanova, Inventor/Creator, PI & Lead, NIST Bugs Framework (BF), 2014 – ~~~

  • AI can reinvent Cybersecurity R&D — but only if we do it right.

  • Today, we focus on mitigating vulnerabilities, not fixing their root causes.

  • Why? → Because human-written bug reports and vulnerability descriptions — narratives AI cannot fully understand — remain our primary source.

  • The result → Assurance tools often disagree, and AI security tools may hallucinate.

  • I’m Irena Bojanova from NIST, Information Technology Laboratory (ITL). I have created the NIST Bugs Framework — BF — a formal system that defines vulnerabilities as chains of weaknesses leading to failures. BF is not simply a database, but it may comprehensively augment the [National Vulnerability Database (NVD)](https://nvd.nist.gov).

  • BF makes vulnerabilities machine-understandable. With it, AI can generate precise vulnerability descriptions, bug reports, and security rules — forming the basis for informed counterintelligence measures.

Figure 1. BF–Based ML/AI Systems for Formal Hardware & Software Vulnerability Specification.

Figure 2. NVD–BF (or NVD<sup>BF</sup>) Formal Vulnerability Classifications Platform.