BFCVE Challenges

Towards a BF Labeled Dataset of Software Security Vulnerabilities
Irena Bojanova, PI & Lead, NIST Bugs Framework (BF), 2014 – ~~~~

Create a comprehensively labeled dataset of software security vulnerability specifications using BF’s formalism (taxonomy and LL(1) formal grammar).

The Common Vulnerabilities and Exposures (CVE) repository has 228 000 software vulnerability entries (as of August 2023), and 25K+ are being added each year. Systematic labeling of this huge set of CVEs greatly benefits advances in modern artificial intelligence (AI) cybersecurity research. The National Vulnerability Database (NVD), with input from the security community, labels CVEs with Common Weakness Enumeration (CWE) entries. However, this has proven to be difficult, as CWE has imprecise descriptions as well as gaps and overlaps in coverage.

Please refer in Publications to: I. Bojanova and J. J. Guerrerio, “Labeling Software Security Vulnerabilities,” in IT Professional, vol. 25, no. 5, pp. 64-70, Sep.-Oct. 2023, doi: 10.1109/MITP.2023.3314368

  1. I. Bojanova, ML & AI Generated Formal Software Security Vulnerability Specifications, NIST Building the Future (BTF), July, 2023

  2. I. Bojanova, An Ontology of Software and Firmware Bugs and Weaknesses & a Repository of Formally Described Software and Firmware Security Vulnerabilities, NIST CHIPS Metrology R&D Program, February, 2023

//more to be added//