BF CVE Challenges

Towards a BF Labeled Dataset of Software Security Vulnerabilities
Irena Bojanova, PI and Lead, Bugs Framework (BF)

The Common Vulnerabilities and Exposures (CVE) repository has 228 000 software vulnerability entries (as of August 2023), and 25K+ are being added each year. Systematic labeling of this huge set of CVEs greatly benefits advances in modern artificial intelligence (AI) cybersecurity research. The National Vulnerability Database (NVD), with input from the security community, labels CVEs with Common Weakness Enumeration (CWE) entries. However, this has proven to be difficult, as CWE has imprecise descriptions, as well as gaps and overlaps in coverage.

Let’s together start creating a labeled dataset of software security vulnerability specifications using BF’s formalism (taxonomy and LL(1) formal grammar).