|
|
---
language: en
license: mit
library_name: transformers
pipeline_tag: text2text-generation
base_model: google/flan-t5-base
model_type: seq2seq
tags:
- security
- cve
- vulnerability
- explanation
- remediation
- devsecops
- lora
- peft
- education
datasets:
- synthetic
inference: true
---

# CVE Human-Readable Explanation & Solution Generator

An open-source, fine-tuned language model that converts **CVE (Common Vulnerabilities and Exposures)** information into **plain-English explanations**, **step-by-step remediation**, and **future prevention guidance**.

This model is designed to **educate developers and non-security users**, not just classify vulnerabilities.

---

## What This Model Does

Given a CVE description, the model explains:

- What the **CVE ID means**
- What the vulnerability is **in simple terms**
- Why it is **dangerous in real life**
- How to **fix it step by step**
- How to **prevent similar issues** in the future

The output is written in **full sentences and paragraphs**, avoiding security jargon whenever possible.

---

## Model Architecture

- **Base model:** google/flan-t5-base
- **Fine-tuning method:** LoRA (Low-Rank Adaptation)
- **Task:** Text-to-Text Generation
- **Weights in this repository:** LoRA adapter only

The base model remains frozen; only the lightweight LoRA parameters were trained. Because this repository holds the adapter alone, it has to be loaded on top of google/flan-t5-base at inference time.
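The following is an added example, not code shipped with this model. It loads the frozen base model, applies the LoRA adapter with PEFT, renders a prompt in the exact layout used in the Example section below, and runs a small grounding check on the generated text. The adapter id `your-org/cve-explainer-lora` is a placeholder for this repository's id, and the `grounding_issues` check is a local sanity check of my own, not something the model provides.

```python
"""Run the CVE explainer: frozen google/flan-t5-base + a LoRA adapter.

Added example, not code shipped with the model. The adapter id used in
__main__ is a placeholder; the prompt template is copied from the Example
section of the card; the grounding check is a local sanity check only.
"""
import re

# Prompt layout taken from the card's Example section.
PROMPT_TEMPLATE = (
    "Explain this vulnerability to a developer with no security background.\n"
    "\n"
    "CVE ID: {cve_id}\n"
    "Software: {software}\n"
    "Severity: {severity}\n"
    "Description: {description}\n"
)

CVE_ID_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# CVSS v3 qualitative severity ratings.
SEVERITIES = {"NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL"}


def build_prompt(cve_id: str, software: str, severity: str, description: str) -> str:
    """Validate the fields and render them in the format the card shows.

    The description should come from an authoritative record (for example the
    NVD entry), because the model explains whatever text it is handed.
    """
    cve_id = cve_id.strip().upper()
    if not CVE_ID_RE.fullmatch(cve_id):
        raise ValueError(f"not a CVE id: {cve_id!r}")
    severity = severity.strip().upper()
    if severity not in SEVERITIES:
        raise ValueError(f"unknown severity: {severity!r}")
    return PROMPT_TEMPLATE.format(
        cve_id=cve_id,
        software=software.strip(),
        severity=severity,
        description=" ".join(description.split()),
    )


def grounding_issues(cve_id: str, answer: str) -> list[str]:
    """Cheap post-generation checks.

    The model is a text generator, not a lookup, so it can drift to a
    different CVE or return nothing usable. A non-empty list means
    'review before showing this to a developer'.
    """
    issues = []
    if not answer.strip():
        issues.append("empty answer")
        return issues
    mentioned = set(CVE_ID_RE.findall(answer.upper()))
    if cve_id.upper() not in mentioned:
        issues.append("answer does not name the requested CVE")
    strays = sorted(mentioned - {cve_id.upper()})
    if strays:
        issues.append("answer names other CVEs: " + ", ".join(strays))
    return issues


def load_model(adapter_id: str, base_id: str = "google/flan-t5-base"):
    """Load the frozen base model and apply the LoRA adapter on top of it."""
    # Imported here so build_prompt/grounding_issues work without these packages.
    from transformers import AutoModelForSeq2SeqLM, AutoTokenizer
    from peft import PeftModel

    tokenizer = AutoTokenizer.from_pretrained(base_id)
    base = AutoModelForSeq2SeqLM.from_pretrained(base_id)
    model = PeftModel.from_pretrained(base, adapter_id)  # base weights stay frozen
    model.eval()
    return tokenizer, model


def explain(tokenizer, model, prompt: str, max_new_tokens: int = 512) -> str:
    """Generate the plain-English explanation for one prompt."""
    inputs = tokenizer(prompt, return_tensors="pt", truncation=True, max_length=512)
    output_ids = model.generate(**inputs, max_new_tokens=max_new_tokens)
    return tokenizer.decode(output_ids[0], skip_special_tokens=True)


if __name__ == "__main__":
    cve = "CVE-2021-44228"
    prompt = build_prompt(cve, "Apache Log4j", "CRITICAL", "Attackers can remotely execute code.")
    tokenizer, model = load_model("your-org/cve-explainer-lora")  # placeholder adapter id
    answer = explain(tokenizer, model, prompt)
    print(answer)
    for issue in grounding_issues(cve, answer):
        print("WARNING:", issue)
```

The grounding check is a floor, not a correctness test: an answer that names the right CVE can still describe the wrong fix. Treat the generated remediation steps as a starting point and confirm versions and mitigations against the vendor advisory before acting on them.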
|
|
|
|
|
---

## Example

### Input

```text
Explain this vulnerability to a developer with no security background.

CVE ID: CVE-2021-44228
Software: Apache Log4j
Severity: CRITICAL
Description: Attackers can remotely execute code.
