Predicting IoT Device Vulnerability Fix Times with Survival and Failure Time Models

📅 2025-01-05
🤖 AI Summary
This study addresses the problem of predicting vulnerability remediation time for IoT devices. Methodologically, it introduces the first survival analysis–based prediction framework, constructing a multi-source heterogeneous vulnerability database integrating VulDB, NVD, and Twitter trends. A unified representation scheme is designed, incorporating structured attributes (CVE/CWE/CVSS), Sentence-BERT–derived semantic text embeddings, and temporal social popularity features. An XGBoost-powered Accelerated Failure Time (AFT) model is employed for end-to-end modeling. Key contributions include: (1) the first application of survival analysis to IoT vulnerability remediation time prediction; (2) a scalable, multi-source feature fusion framework; and (3) empirical validation showing that combining VulDB and NVD significantly improves prediction accuracy, whereas Twitter-derived features yield marginal gains, highlighting the primacy of high-quality, structured vulnerability data.

📝 Abstract
The rapid integration of Internet of Things (IoT) devices into enterprise environments presents significant security challenges. Many IoT devices are released to the market with minimal security measures, often harbouring an average of 25 vulnerabilities per device. To enhance cybersecurity measures and aid system administrators in managing IoT patches more effectively, we propose an innovative framework that predicts the time it will take for a vulnerable IoT device to receive a fix or patch. We developed a survival analysis model based on the Accelerated Failure Time (AFT) approach, implemented using the XGBoost ensemble regression model, to predict when vulnerable IoT devices will receive fixes or patches. By constructing a comprehensive IoT vulnerabilities database that combines public and private sources, we provide insights into affected devices, vulnerability detection dates, published CVEs, patch release dates, and associated Twitter activity trends. We conducted thorough experiments evaluating different combinations of features, including fundamental device and vulnerability data, National Vulnerability Database (NVD) information such as CVE, CWE, and CVSS scores, transformed textual descriptions into sentence vectors, and the frequency of Twitter trends related to CVEs. Our experiments demonstrate that the proposed model accurately predicts the time to fix for IoT vulnerabilities, with data from VulDB and NVD proving particularly effective. Incorporating Twitter trend data offered minimal additional benefit. This framework provides a practical tool for organisations to anticipate vulnerability resolutions, improve IoT patch management, and strengthen their cybersecurity posture against potential threats.
Problem

Research questions and friction points this paper is trying to address.

IoT security
Vulnerability prediction
Network management
Innovation

Methods, ideas, or system contributions that make the work stand out.

Accelerated Failure Time Model
XGBoost Algorithm
IoT Security Vulnerability Prediction
Carlos A. Rivera A.
School of Computer Science and Engineering, The University of New South Wales (UNSW Sydney), Australia
Xinzhang Chen
School of Computer Science and Engineering, UNSW Sydney, Australia
cryptography, privacy-enhancing technologies, blockchain, applied artificial intelligence
Arash Shaghaghi
School of Computer Science and Engineering, UNSW Sydney, Australia.
Computer Security, Network Security, System Security
Gustavo Batista
School of Computer Science and Engineering, The University of New South Wales (UNSW Sydney), Australia
Salil S. Kanhere
School of Computer Science and Engineering, The University of New South Wales (UNSW Sydney), Australia