Vulnerability Exploitability Forecasting Tool
Vulnerability Exploitability Forecasting Tool will estimate the probability of a vulnerability to be exploited in the next 3, 6 or 12 months.
February 2023Describe the innovation content of the result:
A tool for predicting the exploitability of vulnerabilities in a specific time period using as database social networks unused till date.
Who will be the customer?
Software owners or security experts that already have detected a vulnerability and want to assess how imminent its exploitability may be.
What benefit will it bring to the customers?
Know the probability that the vulnerability will be exploited in a period of time will allow developers to evaluate its possible impact and so prioritize their efforts in its patch.
When is the expected date of achievement in the project (Mth/yr)?
When is the time to market (Mth/yr)?
What are the costs to be incurred after the project and before exploitation?
What is the approximate price range of this result/price of licences?
What are the market size in Millions € for this result and relevant trend?
How will this result rank against competing products in terms of price/performance?
To be determined
Who are the competitors for this result?
Checkmarxk, Micro Focus, Veracode, Synopsys
How fast and in what ways will the competition respond to this result?
To be determined
Who are the partners involved in the result?
Who are the industrial partners interested in the result (partners, sponsors, etc.)?
Have you protected or will you protect this result? How? When?
IP rights for source code are reserved. The source code will not be publicly available
BIECO Integrated Platform will integrate the tools in a loosely coupled way.
Data Collection Tool (DCT) stores information from relevant vulnerability related datasets, providing a single access point to information required by the vulnerability detection and forecasting tools developed in T3.3, as well as for the failure prediction tools developed in T4.2.
Vulnerability Detection Tool will detect existing vulnerabilities within the source code which may lead to the successful execution of an attack.
Vulnerability Propagation Tool will calculate and offer the paths affected by a vulnerability in the source code.
Fuzzing Tool will test System Under Test (SUT) security vulnerabilities or inputs not contemplated that could compromise the system; as a black-box process, by using unintended or incorrect inputs and monitoring their corresponding outputs.
This exploitation result consists in cybersecurity consultancy services supported by ResilBlockly (former Blockly4SoS), a Model-Driven Engineering tool that has been developed in the context of BIECO.