Stranger things in security engineering. My whiteboard at work is full of them.

Designing A New Approach to Vulnerability Assessment

I am writing a research paper (I hope it will be considered such) that will provide an alternative way on how computer security professionals can assess the potential impact of a newly released technical vulnerability in their environment.

It’s a general knowledge that every environment is unique in its own way; one vulnerability can wreak havoc in one environment, but can be considered harmless in another.

The interplay of systems and components within an environment makes high-level vulnerability assessments challenging yet intriguing for problem solvers. This is one of the many reasons I do not rely on CVSS scoring alone.

The interplay of systems and components within an environment makes high-level vulnerability assessments challenging yet intriguing for problem solvers. This is one of the many reasons I do not rely on CVSS scoring alone.

However, recent advances in Machine Learning and Predictive Analytics can help security professionals in this endeavor.

My goals for this research are two-fold:

1. Complete the research paper that will serve as the foundation and framework for the method of analysis, and

2. Prototype an open source web-based application wherein an operator can define an environment, its systems and components, characteristics for each element in the environment, and can inject a random vulnerability and the application should be able to predict how it can affect the environment as a whole.

Sounds interesting to you?

Let me know if you want to help. The skills I am looking for are JavaScript, NodeJS, Google Machine Learning Platform and a lot of creativity and love for open source software.