VrT: A CWE-Based Vulnerability Report Tagger - Machine Learning Driven Cybersecurity Tool for Vulnerability Classification
Abstract: Vulnerability reports play an important role in the software maintenance domain. The disclosure of vulnerabilities that attackers can exploit depends on the time needed to mitigate them. The information in vulnerability reports produced by several security scanning software tools facilitates vulnerability management, trend analysis, and secure software development automation. Tagging of vulnerability reports with a vulnerability type has thus far been performed manually. As a result, the process has suffered from human-induced errors and scalability issues due to the shortage of security experts. This paper introduces a tool called Vulnerability Report Tagger (VrT), which leverages machine-learning strategies on vulnerability descriptions to automatically label NVD vulnerability reports. VrT automatically predicts the cybersecurity labels to assign to vulnerability text, to encourage the use of labeling mechanisms in vulnerability reporting systems and so facilitate the vulnerability management and prioritization process. Along with presenting the tool's architecture and usage, we also evaluate the tool's effectiveness in performing the vulnerability classification (i.e., tagging) process. Link to the tool: https://rb.gy/cz7hwa.