Automated Assessment of Vulnerabilities (AAV)
Abstract
The Automated Assessment of Vulnerabilities (AAV) program will create technology to automatically and accurately assess the vulnerability of software systems with state-of-the-art defenses. At present, techniques to measure the severity of software vulnerabilities focus on the exploitability of individual vulnerabilities and ignore the possibility of sequencing exploits into chains, thereby magnifying their severity. To obtain a more accurate assessment, AAV will map vulnerabilities back to the underlying flaw, identify its pre- and post-conditions, and use program analysis and machine learning to assess the potential for composing the associated exploits.
Document Details
- Document Type
- Accomplishment
- Publication Date
- Oct 01, 2024
- Source ID
- 75dbda7850d9e0ac1dc3b9b964921b9d