Enhancing Vulnerability Reports with Automated and Augmented Description Summarization
This work addresses the need for more comprehensive vulnerability information for cybersecurity professionals, though the contribution is incremental, since it builds on existing summarization techniques.
The paper tackles the problem of short and insufficient descriptions in public vulnerability databases by introducing Zad, a system that enriches vulnerability descriptions using external resources, and demonstrates its effectiveness through standard summarization metrics and human assessments.
Public vulnerability databases, such as the National Vulnerability Database (NVD), document vulnerabilities and facilitate threat information sharing. However, they often suffer from short descriptions and outdated or insufficient information. In this paper, we introduce Zad, a system designed to enrich NVD vulnerability descriptions by leveraging external resources. Zad consists of two pipelines: one collects and filters supplementary data using two encoders to build a detailed dataset, while the other fine-tunes a pre-trained model on this dataset to generate enriched descriptions. By addressing brevity and improving content quality, Zad produces more comprehensive and cohesive vulnerability descriptions. We evaluate Zad using standard summarization metrics and human assessments, demonstrating its effectiveness in enhancing vulnerability information.