English

Enhancing Vulnerability Reports with Automated and Augmented Description Summarization

Cryptography and Security 2025-04-30 v1 Artificial Intelligence Machine Learning

Abstract

Public vulnerability databases, such as the National Vulnerability Database (NVD), document vulnerabilities and facilitate threat information sharing. However, they often suffer from short descriptions and outdated or insufficient information. In this paper, we introduce Zad, a system designed to enrich NVD vulnerability descriptions by leveraging external resources. Zad consists of two pipelines: one collects and filters supplementary data using two encoders to build a detailed dataset, while the other fine-tunes a pre-trained model on this dataset to generate enriched descriptions. By addressing brevity and improving content quality, Zad produces more comprehensive and cohesive vulnerability descriptions. We evaluate Zad using standard summarization metrics and human assessments, demonstrating its effectiveness in enhancing vulnerability information.

Cite

@article{arxiv.2504.20726,
  title  = {Enhancing Vulnerability Reports with Automated and Augmented Description Summarization},
  author = {Hattan Althebeiti and Mohammed Alkinoon and Manar Mohaisen and Saeed Salem and DaeHun Nyang and David Mohaisen},
  journal= {arXiv preprint arXiv:2504.20726},
  year   = {2025}
}

Comments

12 pages, 3 tables, 12 figures. Accepted for publication in IEEE Transactions on Big Data. Extended version of arXiv:2210.01260

R2 v1 2026-06-28T23:15:19.124Z