Ohio State Researchers Use Natural Language Processing to Identify Critical Security Vulnerabilities

Posted: March 12, 2019

A team of researchers from Ohio State University, Leidos and the security firm FireEye published a paper last week, describing a system that reads millions of tweets discussing software vulnerabilities and analyzes users' opinions about their severity.  The study, which was covered by WIRED, showed users opinions online can provide a reliable early indicator for severe software vulnerabilities that show up later in the National Vulnerability Database, the official database of software vulnerabilities managed by the National Institute of Standards and Technology.  The research resulted in a prototype system that acts as an aggregator of fresh information and could one day help security practitioners to stay ahead of adversaries and keep their systems protected.

The lead author on the paper, Shi Zong, is a Ph.D. student in Ohio State's Department of Computer Science and Engineering, working with assistant professor Alan Ritter.  The research was funded by the Intelligence Advanced Research Projects Activity (IARPA) as part of the CAUSE program.

Read more about the research in WIRED and also see the original research paper here.