Compute-Budgeted Exploitability Evidence Graphs for Prospective Vulnerability Triage

๐Ÿ“… 2026-06-17
๐Ÿ“ˆ Citations: 0
โœจ Influential: 0
๐Ÿ“„ PDF
๐Ÿค– AI Summary
Security teams struggle to patch all newly disclosed vulnerabilities in a timely manner and urgently need to prospectively assess exploitability under limited computational resources while avoiding assessment bias caused by data leakage. This work proposes a leakage-resistant prospective evaluation protocol that constructs a temporal evidence graph integrating vulnerability advisories, exploits, patch commits, and community discussions. Under computational budget constraints, the method selects critical evidence to generate auditable evidence certificates supporting contestable prioritization decisions. Experiments on 12,012 CVEs demonstrate that using only two pieces of evidence increases leakage-resistant recall@50 from 0.010 to 0.026, while also revealing that semantic similarity does not equate to valid exploitability evidence.
๐Ÿ“ Abstract
Defenders cannot patch every newly disclosed vulnerability at once, so exploitability prediction must be evaluated prospectively rather than retrospectively. We study compute-budgeted vulnerability triage in which each CVE is scored only from public evidence visible by a fixed decision time. Advisories, exploit archives, fix commits, and hacker-community discourse are represented as a temporal evidence graph; a budgeted selector admits only a few evidence documents per CVE, and every score is paired with an auditable certificate listing the supporting signals, timestamps, source layers, and leakage flags. On 12012 prospective CVEs from public sources, budgeted evidence selection raises leakage-safe prospective recall@50 from 0.010 for a severity-only baseline to 0.026, while two evidence documents per CVE capture most of the value. A strong cross-encoder reranker lowers prospective recall to 0.016, showing that semantic relevance to a CVE is not the same as evidence of exploitation. Most importantly, a naive random split with unfiltered evidence inflates apparent prospective recall by 8.5x and EPSS-high recall by 5.0x. The main contribution is a leakage-safe evaluation protocol and reproducible evidence certificates for contestable vulnerability-prioritization claims.
Problem

Research questions and friction points this paper is trying to address.

vulnerability triage
exploitability prediction
prospective evaluation
information leakage
evidence selection
Innovation

Methods, ideas, or system contributions that make the work stand out.

prospective vulnerability triage
evidence graph
compute-budgeted selection
leakage-safe evaluation
exploitability prediction
๐Ÿ”Ž Similar Papers
No similar papers found.