VulZoo: A Comprehensive Vulnerability Intelligence Dataset

TL;DR

VulZoo is a comprehensive, publicly available vulnerability dataset covering 17 sources, designed to improve vulnerability assessment research through easier data integration, updates, and analysis.

Contribution

The paper introduces VulZoo, a broad vulnerability dataset with interconnected sources and utility tools, addressing limitations of existing limited and repetitive data collection methods.

Findings

VulZoo covers 17 vulnerability sources.

Provides tools for data synchronization and analysis.

Facilitates vulnerability assessment research.

Abstract

Software vulnerabilities pose critical security and risk concerns for many software systems. Many techniques have been proposed to effectively assess and prioritize these vulnerabilities before they cause serious consequences. To evaluate their performance, these solutions often craft their own experimental datasets from limited information sources, such as MITRE CVE and NVD, lacking a global overview of broad vulnerability intelligence. The repetitive data preparation process further complicates the verification and comparison of new solutions. To resolve this issue, in this paper, we propose VulZoo, a comprehensive vulnerability intelligence dataset that covers 17 popular vulnerability information sources. We also construct connections among these sources, enabling more straightforward configuration and adaptation for different vulnerability assessment tasks (e.g., vulnerability type prediction). Additionally, VulZoo provides utility scripts for automatic data synchronization and cleaning, relationship mining, and statistics generation. We make VulZoo publicly available and maintain it with incremental updates to facilitate future research. We believe that VulZoo serves as a valuable input to vulnerability assessment and prioritization studies. The dataset with utility scripts is available at https://github.com/NUS-Curiosity/VulZoo.