Software vulnerability prioritization using vulnerability description
International Journal of System Assurance Engineering and Management, Pub Date: 2020-07-21, DOI: 10.1007/s13198-020-01021-7
Ruchi Sharma , Ritu Sibal , Sangeeta Sabharwal

Whenever the testing team detects a vulnerability, it describes the vulnerability in terms of its characteristics and provides a detailed overview. Usually, certain features or keywords in that description point towards the likely severity level of the vulnerability, so a severity estimate can be made from the description alone. In this paper, we eliminate the need to generate a severity score for software vulnerabilities by using the description of a vulnerability for prioritization. The study makes use of word embeddings and a convolutional neural network (CNN). The CNN is trained with a sufficient number of sample vulnerability descriptions from every category, so that it can capture the discriminative words and features needed for the categorization task. The proposed system helps to channel the efforts of the testing team by prioritizing newly found vulnerabilities into three categories based on previous data. The dataset includes three data samples from three different vendors and two mixed-vendor data samples.
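As an added illustration (not the paper's code or data), here is a minimal text CNN of the kind the abstract describes, in pure Python: tokens map to trainable embeddings, a width-2 convolution with max-over-time pooling picks out the most discriminative word pair for each filter, and a linear layer maps the pooled features to the three priority classes. The descriptions, labels and hyperparameters are constructed for this example.

```python
import math, random
# Constructed training descriptions (not the paper's dataset); labels are the paper's three priority classes: 0 = low, 1 = medium, 2 = high.
DATA = [
    ("remote attacker can execute arbitrary code via crafted packet", 2),
    ("buffer overflow allows remote code execution without authentication", 2),
    ("local user can escalate privileges via race condition", 1),
    ("authenticated user can read arbitrary files via path traversal", 1),
    ("information disclosure of version banner to local user", 0),
    ("verbose error message reveals internal path name", 0),
]
D, K, F, C, LR, EPOCHS = 8, 2, 6, 3, 0.1, 100  # toy hyperparameters (assumed, not the paper's)
class TextCNN:  # embedding -> width-K 1-D convolution -> ReLU -> max-over-time pooling -> linear -> softmax
    def __init__(self, vocab, seed=0):
        rnd = random.Random(seed); r = lambda: rnd.uniform(-0.5, 0.5)
        self.E = {w: [r() for _ in range(D)] for w in vocab | {"<pad>"}}  # trainable word embeddings
        self.W = [[r() for _ in range(K * D)] for _ in range(F)]          # F convolution filters
        self.b, self.c, self.U = [0.0] * F, [0.0] * C, [[r() for _ in range(F)] for _ in range(C)]
    def forward(self, text):
        toks = [t if t in self.E else "<pad>" for t in text.lower().split()]; toks += ["<pad>"] * max(0, K - len(toks))
        pooled, where = [], []  # per filter: max activation and the window position that produced it
        for f in range(F):
            best, pos = 0.0, 0
            for i in range(len(toks) - K + 1):
                win = [x for j in range(K) for x in self.E[toks[i + j]]]
                a = max(0.0, self.b[f] + sum(w * x for w, x in zip(self.W[f], win)))
                if a > best: best, pos = a, i
            pooled.append(best); where.append(pos)
        logits = [self.c[k] + sum(u * p for u, p in zip(self.U[k], pooled)) for k in range(C)]
        ex = [math.exp(l - max(logits)) for l in logits]
        return [e / sum(ex) for e in ex], pooled, where, toks
    def train_step(self, text, y):  # one SGD step on cross-entropy; gradient reaches only each filter's max window
        probs, pooled, where, toks = self.forward(text)
        dlog = [p - (k == y) for k, p in enumerate(probs)]
        dpool = [sum(dlog[k] * self.U[k][f] for k in range(C)) for f in range(F)]
        for k in range(C):
            self.c[k] -= LR * dlog[k]; self.U[k] = [u - LR * dlog[k] * p for u, p in zip(self.U[k], pooled)]
        for f in range(F):
            if pooled[f] <= 0: continue  # ReLU inactive at the max: no gradient for this filter
            win = [x for j in range(K) for x in self.E[toks[where[f] + j]]]  # copy of the max window's inputs
            for i, x in enumerate(win):
                self.E[toks[where[f] + i // D]][i % D] -= LR * dpool[f] * self.W[f][i]
                self.W[f][i] -= LR * dpool[f] * x
            self.b[f] -= LR * dpool[f]
    def predict(self, text): p = self.forward(text)[0]; return p.index(max(p))

def train(data):
    model = TextCNN({t for text, _ in data for t in text.lower().split()})
    for epoch in range(EPOCHS):
        for text, y in random.Random(epoch).sample(data, len(data)): model.train_step(text, y)  # reshuffle each epoch
    return model
```

After `train(DATA)`, `model.predict(description)` returns the priority class the network assigns to a new description; the `where` indices returned by `forward` show which word pair each filter latched onto.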




Updated: 2020-07-21