A RAkEL-based methodology to estimate software vulnerability characteristics & score - an application to EU project ECHO

Software vulnerabilities constitute a critical threat for cybersecurity analysts in the contemporary society, since the successfully exploited vulnerabilities could harm any system in terms of Confidentiality, Integrity and Availability. Similarly, the characterization of vulnerabilities and the assessment of vulnerability risk is a crucial task for cybersecurity managers regarding the resource management. However, the proliferation of software vulnerabilities causes problems related to the response time of the security experts. For this reason, a methodology based on RAndom k-labELsets (RAkEL) is proposed in this paper in order to estimate software vulnerability characteristics and score from the vulnerability technical description. The proposed methodology aims to a) improve an existing multi-target methodology and b) be integrated in a Cyber Threat Intelligence (CTI) information sharing system. The results, in a dataset containing more than 130000 vulnerabilities, clearly proved that the proposed methodology could improve the existing methodology regarding the estimation of vulnerability characteristics and score.