GitHub - stefanosimonetto/CVE-CWE: CVE to CWE mapping by using vector embeddings and vector database

The methodology implemented in this repo help to automate the process of mapping Common Vulnerabilities and Exposures (CVEs) to CWEs, leveraging a vector database containing embeddings of CWE descriptions. This approach involves embedding CVE descriptions and employing a nearest neighbor search to associate them with the appropriate CWE. This framework can be extended to cover any text-to-weakness mapping, including but not limited to misconfigurations, Cyber Threat Intelligence (CTI) reports, security blogs, and other sources of security-related information.

SETUP

Add OpenAI API key to the first part of the code'
Create python environment with requirements.txt
Launch docker 'docker compose up -d' in directory
Run the code in 'paper.ipynb'

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
README.md		README.md
cve_test1.pickle		cve_test1.pickle
cve_test_blogs.json		cve_test_blogs.json
cwe_57_with_descr.pickle		cwe_57_with_descr.pickle
docker-compose.yml		docker-compose.yml
is_true_in_top_3.pickle		is_true_in_top_3.pickle
is_true_in_top_5.pickle		is_true_in_top_5.pickle
paper.ipynb		paper.ipynb
paper_distance.ipynb		paper_distance.ipynb
predicted_labels.pickle		predicted_labels.pickle
requirements.txt		requirements.txt
true_labels.pickle		true_labels.pickle

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

SETUP

About

Releases

Packages

Languages

stefanosimonetto/CVE-CWE

Folders and files

Latest commit

History

Repository files navigation

SETUP

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages