LLMs for Vulnerability Classification

Using AI to automate security risk scoring

This research evaluates Large Language Models' capabilities in automating CVSS vector computation for vulnerability classification and risk prioritization.

Key Findings:

  • LLMs can effectively classify CVE vulnerabilities with proper prompting strategies
  • Automation helps address inconsistencies in human-assigned CVSS scores
  • Models demonstrate potential to accelerate vulnerability management as the number of new CVEs grows rapidly
  • LLM-based classification offers security teams a promising way to streamline risk assessment

Why It Matters: As vulnerability volumes increase, security teams need reliable, efficient methods to prioritize threats. LLM-based automation could significantly reduce manual assessment workload while maintaining accuracy in risk scoring.

Can LLMs Classify CVEs? Investigating LLMs Capabilities in Computing CVSS Vectors