This is the initial code release for Vuln4Cast.
It is designed to do 3 things:
- Prove that CVE forecasting is possible (Hurst exponent), that it is practical, and accurate enough for usage.
- Provide a strawman forecast for others to fork, improve upon, and exceed. The improvement can be in multiple dimensions: accuracy (precision or confidence/prediction intervals), lookahead, lookbehind, sub-forecasts (Windows, Oracle, Mozilla, CVSS), or using other vulnerability records to forecast (JVN or CNNVD).
- To kill the idea that vulnerabilities and zero days will always surprise us, that we can only react to them, that vulnerabilities are not foreseeable.
We hope you use this release to begin thinking about the future of vulnerabilities and CVEs.