Beyond the CVSS: Leveraging XGBoost to Filter Vulnerability Noise

March 20 @ 11:00 am - 12:00 pm EDT

This talk explores the intersection of machine learning and vulnerability management, focusing on how the XGBoost algorithm can be leveraged to predict the exploitability of Common Vulnerabilities and Exposures (CVEs). While frontier LLMs are currently revolutionizing vulnerability discovery—such as autonomously identifying zero-days in complex codebases—lightweight ML models remain the critical backbone for enterprise risk prioritization. The presentation will cover the practical methodology of building an exploitability classifier, the statistical challenges of handling highly imbalanced security datasets where actual exploits are rare, and how these different AI approaches complement each other in a modern AppSec pipeline.

This is based on the research paper I published in 2024 – https://ieeexplore.ieee.org/abstract/document/10816942/

West Village H Room: 366

440 Huntington Ave
Boston, Massachusetts 02115-5005