Expected exploitability: Predicting the development of functional vulnerability exploits

摘要: Assessing the exploitability of software vulnerabilities at the time of disclosure is difficult and error-prone, as features extracted via technical analysis by existing metrics are poor predictors for exploit development. Moreover, exploitability assessments suffer from a class bias because" not exploitable" labels could be inaccurate.