Publication

Text2Weak: mapping CVEs to CWEs using description embeddings analysis

Stefano Simonetto, Ronan Oostveen, Thijs van Ede, Peter Bosch, Willem Jonker

2024 · Workshop on Artificial Intelligence-Enabled Cybersecurity Analytics (AI4Cyber)

This paper presents Text2Weak, a methodology for mapping CVE descriptions to CWEs by combining large-language-model embeddings, vector search, and similarity scoring. It evaluates the approach on real vulnerability data and discusses how the same mapping pipeline can extend to related sources such as threat intelligence reports, security blogs, and misconfigurations.