Kylie McClanahan, a University of Arkansas doctoral student and senior developer at Bastazo, joins the Aperture podcast to discuss her research into automating the gathering of vulnerability remediation and mitigation information from vendors and third-party sources.
McClanahan explains how she and colleagues have used machine learning, natural language processing, and keyword techniques, among others, to parse mitigation advice from vendor advisories and alerts from third-party sources such as NVD.
These advisories often have incomplete mitigation information that's especially valuable in OT environments where asset owners must rely on mitigations when patches aren't either available or devices cannot be patched.
McClanahan has coauthored two papers explaining different approaches to solving this problem that can be downloaded here.