Calculating CVSS Scores with ChatGPT (Tue, Apr 25th)


Everybody appears to be set to use ChatGPT for evil. After all, what is the fun in making the world a better place if, instead, you can make fun of a poor large-scale language model whose developers only hinted at what it could mean to be good?

Having not given up on machines finally taking over to beat the “humane” into “humanity,” I recently looked at some ways to use ChatGPT more defensively.

An issue I have been struggling with is vendors like Apple providing very terse and unstructured vulnerability summaries. You may have seen my attempt to create a more structured version of them and to assign severities to these vulnerabilities. Given that there are often dozens of vulnerabilities, and given the limitations of my human form, the severity I assign is more of a “best guess.” So I figured I would try to automate this with ChatGPT, and the initial results are not bad.

For example, let’s take the last Apple vulnerability, CVE-2023-28206. This was an already exploited (“0-Day”) privilege escalation vulnerability. 

ChatGPT delivers the following analysis:

Given the limited information, I think a score of 8.8, and the analysis, isn’t bad. Personally, I would have rated it probably a bit lower.

I will probably add this to my Apple vulnerability parser and use this the next time Apple releases an update 🙂

Johannes B. Ullrich, Ph.D., Dean of Research

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

Reposted from SANS.

Alex Post