Text Generation
PEFT
Safetensors
Transformers
lora
cybersecurity
vulnerability-remediation
cve
conversational
Instructions to use ramitha2002/SecFix-CVE-Remediation with libraries, inference providers, notebooks, and local apps. Follow these links to get started.
- Libraries
- PEFT
How to use ramitha2002/SecFix-CVE-Remediation with PEFT:
from peft import PeftModel from transformers import AutoModelForCausalLM base_model = AutoModelForCausalLM.from_pretrained("fdtn-ai/Foundation-Sec-8B-Instruct") model = PeftModel.from_pretrained(base_model, "ramitha2002/SecFix-CVE-Remediation") - Transformers
How to use ramitha2002/SecFix-CVE-Remediation with Transformers:
# Use a pipeline as a high-level helper from transformers import pipeline pipe = pipeline("text-generation", model="ramitha2002/SecFix-CVE-Remediation") messages = [ {"role": "user", "content": "Who are you?"}, ] pipe(messages)# Load model directly from transformers import AutoModel model = AutoModel.from_pretrained("ramitha2002/SecFix-CVE-Remediation", dtype="auto") - Notebooks
- Google Colab
- Kaggle
- Local Apps Settings
- vLLM
How to use ramitha2002/SecFix-CVE-Remediation with vLLM:
Install from pip and serve model
# Install vLLM from pip: pip install vllm # Start the vLLM server: vllm serve "ramitha2002/SecFix-CVE-Remediation" # Call the server using curl (OpenAI-compatible API): curl -X POST "http://localhost:8000/v1/chat/completions" \ -H "Content-Type: application/json" \ --data '{ "model": "ramitha2002/SecFix-CVE-Remediation", "messages": [ { "role": "user", "content": "What is the capital of France?" } ] }'Use Docker
docker model run hf.co/ramitha2002/SecFix-CVE-Remediation
- SGLang
How to use ramitha2002/SecFix-CVE-Remediation with SGLang:
Install from pip and serve model
# Install SGLang from pip: pip install sglang # Start the SGLang server: python3 -m sglang.launch_server \ --model-path "ramitha2002/SecFix-CVE-Remediation" \ --host 0.0.0.0 \ --port 30000 # Call the server using curl (OpenAI-compatible API): curl -X POST "http://localhost:30000/v1/chat/completions" \ -H "Content-Type: application/json" \ --data '{ "model": "ramitha2002/SecFix-CVE-Remediation", "messages": [ { "role": "user", "content": "What is the capital of France?" } ] }'Use Docker images
docker run --gpus all \ --shm-size 32g \ -p 30000:30000 \ -v ~/.cache/huggingface:/root/.cache/huggingface \ --env "HF_TOKEN=<secret>" \ --ipc=host \ lmsysorg/sglang:latest \ python3 -m sglang.launch_server \ --model-path "ramitha2002/SecFix-CVE-Remediation" \ --host 0.0.0.0 \ --port 30000 # Call the server using curl (OpenAI-compatible API): curl -X POST "http://localhost:30000/v1/chat/completions" \ -H "Content-Type: application/json" \ --data '{ "model": "ramitha2002/SecFix-CVE-Remediation", "messages": [ { "role": "user", "content": "What is the capital of France?" } ] }' - Docker Model Runner
How to use ramitha2002/SecFix-CVE-Remediation with Docker Model Runner:
docker model run hf.co/ramitha2002/SecFix-CVE-Remediation
Update readme
Browse files
README.md
CHANGED
|
@@ -6,154 +6,226 @@ tags:
|
|
| 6 |
- base_model:adapter:fdtn-ai/Foundation-Sec-8B-Instruct
|
| 7 |
- lora
|
| 8 |
- transformers
|
|
|
|
|
|
|
|
|
|
| 9 |
---
|
| 10 |
|
| 11 |
# Model Card for Model ID
|
| 12 |
|
| 13 |
-
|
| 14 |
-
|
| 15 |
|
| 16 |
|
| 17 |
## Model Details
|
| 18 |
|
| 19 |
### Model Description
|
| 20 |
|
| 21 |
-
|
| 22 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 23 |
|
|
|
|
| 24 |
|
| 25 |
-
- **Developed by:**
|
| 26 |
-
- **Funded by [optional]:**
|
| 27 |
-
- **Shared by [optional]:**
|
| 28 |
-
- **Model type:**
|
| 29 |
-
- **Language(s) (NLP):**
|
| 30 |
-
- **License:**
|
| 31 |
-
- **Finetuned from model [optional]:**
|
| 32 |
|
| 33 |
-
### Model Sources [optional]
|
| 34 |
|
| 35 |
-
|
| 36 |
|
| 37 |
-
- **
|
| 38 |
-
- **
|
| 39 |
-
- **Demo [optional]:** [More Information Needed]
|
| 40 |
|
| 41 |
## Uses
|
| 42 |
|
| 43 |
-
<!-- Address questions around how the model is intended to be used, including the foreseeable users of the model and those affected by the model. -->
|
| 44 |
-
|
| 45 |
### Direct Use
|
| 46 |
|
| 47 |
-
|
| 48 |
|
| 49 |
-
|
|
|
|
|
|
|
|
|
|
| 50 |
|
| 51 |
-
### Downstream Use
|
| 52 |
|
| 53 |
-
|
| 54 |
|
| 55 |
-
|
|
|
|
|
|
|
|
|
|
| 56 |
|
| 57 |
### Out-of-Scope Use
|
| 58 |
|
| 59 |
-
|
| 60 |
|
| 61 |
-
|
|
|
|
|
|
|
|
|
|
| 62 |
|
| 63 |
## Bias, Risks, and Limitations
|
| 64 |
|
| 65 |
-
|
| 66 |
-
|
| 67 |
-
[More Information Needed]
|
| 68 |
|
| 69 |
### Recommendations
|
| 70 |
|
| 71 |
-
|
| 72 |
-
|
| 73 |
-
Users (both direct and downstream) should be made aware of the risks, biases and limitations of the model. More information needed for further recommendations.
|
| 74 |
|
| 75 |
## How to Get Started with the Model
|
| 76 |
|
| 77 |
Use the code below to get started with the model.
|
| 78 |
|
| 79 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 80 |
|
| 81 |
## Training Details
|
| 82 |
|
| 83 |
### Training Data
|
| 84 |
|
| 85 |
-
|
| 86 |
|
| 87 |
-
|
| 88 |
|
| 89 |
-
|
|
|
|
| 90 |
|
| 91 |
-
|
| 92 |
|
| 93 |
-
###
|
| 94 |
-
|
| 95 |
-
[More Information Needed]
|
| 96 |
|
|
|
|
| 97 |
|
| 98 |
#### Training Hyperparameters
|
| 99 |
|
| 100 |
-
- **Training regime:**
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 101 |
|
| 102 |
-
#### Speeds, Sizes, Times
|
| 103 |
|
| 104 |
-
|
| 105 |
-
|
| 106 |
-
[More Information Needed]
|
| 107 |
|
| 108 |
## Evaluation
|
| 109 |
|
| 110 |
-
<!-- This section describes the evaluation protocols and provides the results. -->
|
| 111 |
-
|
| 112 |
### Testing Data, Factors & Metrics
|
| 113 |
|
| 114 |
#### Testing Data
|
| 115 |
|
| 116 |
-
|
| 117 |
|
| 118 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 119 |
|
| 120 |
#### Factors
|
| 121 |
|
| 122 |
-
|
| 123 |
|
| 124 |
-
|
|
|
|
|
|
|
|
|
|
| 125 |
|
| 126 |
#### Metrics
|
| 127 |
|
| 128 |
-
|
| 129 |
|
| 130 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 131 |
|
| 132 |
### Results
|
| 133 |
|
| 134 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 135 |
|
| 136 |
#### Summary
|
| 137 |
|
| 138 |
-
|
| 139 |
-
|
| 140 |
-
## Model Examination [optional]
|
| 141 |
-
|
| 142 |
-
<!-- Relevant interpretability work for the model goes here -->
|
| 143 |
-
|
| 144 |
-
[More Information Needed]
|
| 145 |
-
|
| 146 |
-
## Environmental Impact
|
| 147 |
-
|
| 148 |
-
<!-- Total emissions (in grams of CO2eq) and additional considerations, such as electricity usage, go here. Edit the suggested text below accordingly -->
|
| 149 |
-
|
| 150 |
-
Carbon emissions can be estimated using the [Machine Learning Impact calculator](https://mlco2.github.io/impact#compute) presented in [Lacoste et al. (2019)](https://arxiv.org/abs/1910.09700).
|
| 151 |
-
|
| 152 |
-
- **Hardware Type:** [More Information Needed]
|
| 153 |
-
- **Hours used:** [More Information Needed]
|
| 154 |
-
- **Cloud Provider:** [More Information Needed]
|
| 155 |
-
- **Compute Region:** [More Information Needed]
|
| 156 |
-
- **Carbon Emitted:** [More Information Needed]
|
| 157 |
|
| 158 |
## Technical Specifications [optional]
|
| 159 |
|
|
@@ -163,45 +235,48 @@ Carbon emissions can be estimated using the [Machine Learning Impact calculator]
|
|
| 163 |
|
| 164 |
### Compute Infrastructure
|
| 165 |
|
| 166 |
-
|
| 167 |
|
| 168 |
#### Hardware
|
| 169 |
|
| 170 |
-
|
|
|
|
| 171 |
|
| 172 |
#### Software
|
| 173 |
|
| 174 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 175 |
|
| 176 |
## Citation [optional]
|
| 177 |
|
| 178 |
-
<!-- If there is a paper or blog post introducing the model, the APA and Bibtex information for that should go in this section. -->
|
| 179 |
-
|
| 180 |
**BibTeX:**
|
| 181 |
|
| 182 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 183 |
|
| 184 |
**APA:**
|
| 185 |
|
| 186 |
-
|
| 187 |
-
|
| 188 |
-
## Glossary [optional]
|
| 189 |
-
|
| 190 |
-
<!-- If relevant, include terms and calculations in this section that can help readers understand the model or model card. -->
|
| 191 |
-
|
| 192 |
-
[More Information Needed]
|
| 193 |
-
|
| 194 |
-
## More Information [optional]
|
| 195 |
-
|
| 196 |
-
[More Information Needed]
|
| 197 |
|
| 198 |
-
## Model Card Authors [optional]
|
| 199 |
|
| 200 |
-
|
| 201 |
|
| 202 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 203 |
|
| 204 |
-
[More Information Needed]
|
| 205 |
### Framework versions
|
| 206 |
|
| 207 |
- PEFT 0.19.1
|
|
|
|
| 6 |
- base_model:adapter:fdtn-ai/Foundation-Sec-8B-Instruct
|
| 7 |
- lora
|
| 8 |
- transformers
|
| 9 |
+
- cybersecurity
|
| 10 |
+
- vulnerability-remediation
|
| 11 |
+
- cve
|
| 12 |
---
|
| 13 |
|
| 14 |
# Model Card for Model ID
|
| 15 |
|
| 16 |
+
LoRA adapter for `fdtn-ai/Foundation-Sec-8B-Instruct` tuned for structured CVE remediation output. The model is designed to take CVE evidence and return a fixed seven-field JSON object containing severity, affected component, root cause, and remediation guidance.
|
|
|
|
| 17 |
|
| 18 |
|
| 19 |
## Model Details
|
| 20 |
|
| 21 |
### Model Description
|
| 22 |
|
| 23 |
+
This model is a parameter-efficient fine-tuning adapter built on top of `fdtn-ai/Foundation-Sec-8B-Instruct`. It is intended for structured vulnerability remediation assistance rather than open-ended chat. Given CVE evidence such as CVE ID, description, CVSS score, CWE, and affected component context, it generates a JSON response with a fixed schema:
|
| 24 |
|
| 25 |
+
- `cve_id`
|
| 26 |
+
- `severity`
|
| 27 |
+
- `affected_component`
|
| 28 |
+
- `technical_root_cause`
|
| 29 |
+
- `recommended_fix`
|
| 30 |
+
- `developer_remediation_steps`
|
| 31 |
+
- `verification_steps`
|
| 32 |
|
| 33 |
+
The adapter was evaluated in a Colab-based external benchmark on 100 CVE examples and showed strong schema adherence and high exact-match performance on most structured fields.
|
| 34 |
|
| 35 |
+
- **Developed by:** Ramitha Iddamalgoda
|
| 36 |
+
- **Funded by [optional]:** Self-directed
|
| 37 |
+
- **Shared by [optional]:** Ramitha Iddamalgoda
|
| 38 |
+
- **Model type:** LoRA adapter for causal language modeling
|
| 39 |
+
- **Language(s) (NLP):** English
|
| 40 |
+
- **License:** Apache 2.0
|
| 41 |
+
- **Finetuned from model [optional]:** `fdtn-ai/Foundation-Sec-8B-Instruct`
|
| 42 |
|
|
|
|
| 43 |
|
| 44 |
+
### Model Sources [optional]
|
| 45 |
|
| 46 |
+
- **Paper [optional]:** Not applicable
|
| 47 |
+
- **Demo [optional]:** Not available
|
|
|
|
| 48 |
|
| 49 |
## Uses
|
| 50 |
|
|
|
|
|
|
|
| 51 |
### Direct Use
|
| 52 |
|
| 53 |
+
This adapter is intended for structured CVE remediation tasks where the input contains vulnerability evidence and the desired output is a constrained JSON object. Likely uses include:
|
| 54 |
|
| 55 |
+
- vulnerability triage experiments
|
| 56 |
+
- structured remediation drafting
|
| 57 |
+
- evaluation workflows for CVE understanding
|
| 58 |
+
- prototype security assistant pipelines
|
| 59 |
|
| 60 |
+
### Downstream Use
|
| 61 |
|
| 62 |
+
This adapter can be used inside larger systems that:
|
| 63 |
|
| 64 |
+
- collect CVE descriptions from vulnerability feeds
|
| 65 |
+
- normalize vulnerability information into a fixed schema
|
| 66 |
+
- generate remediation suggestions for analyst review
|
| 67 |
+
- compare structured output quality across model variants
|
| 68 |
|
| 69 |
### Out-of-Scope Use
|
| 70 |
|
| 71 |
+
This model should not be used as:
|
| 72 |
|
| 73 |
+
- a fully autonomous security remediation engine
|
| 74 |
+
- a guaranteed-safe patch recommendation system
|
| 75 |
+
- a replacement for expert review in production security operations
|
| 76 |
+
- a general-purpose cybersecurity assistant outside its structured CVE task
|
| 77 |
|
| 78 |
## Bias, Risks, and Limitations
|
| 79 |
|
| 80 |
+
This model inherits limitations from the base model and from its fine-tuning data. It may produce incomplete, incorrect, outdated, or oversimplified remediation guidance. Although it performs well on the reported benchmark, the benchmark is small and not a definitive production evaluation.
|
|
|
|
|
|
|
| 81 |
|
| 82 |
### Recommendations
|
| 83 |
|
| 84 |
+
Use this model as an assistive tool, not an authoritative source. All outputs should be reviewed by a human with security context before operational use. When reporting results, describe them as an initial external benchmark rather than a final research-grade evaluation.
|
|
|
|
|
|
|
| 85 |
|
| 86 |
## How to Get Started with the Model
|
| 87 |
|
| 88 |
Use the code below to get started with the model.
|
| 89 |
|
| 90 |
+
```python
|
| 91 |
+
from transformers import AutoModelForCausalLM, AutoTokenizer
|
| 92 |
+
from peft import PeftModel
|
| 93 |
+
|
| 94 |
+
base_model = "fdtn-ai/Foundation-Sec-8B-Instruct"
|
| 95 |
+
adapter_repo = "your-username/secfix-cve-remediation-lora"
|
| 96 |
+
|
| 97 |
+
tokenizer = AutoTokenizer.from_pretrained(adapter_repo)
|
| 98 |
+
model = AutoModelForCausalLM.from_pretrained(base_model, device_map="auto")
|
| 99 |
+
model = PeftModel.from_pretrained(model, adapter_repo)
|
| 100 |
+
model.eval()
|
| 101 |
+
```
|
| 102 |
+
|
| 103 |
+
Example input format:
|
| 104 |
+
|
| 105 |
+
```
|
| 106 |
+
CVE ID: CVE-2024-11773
|
| 107 |
+
Description: SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
|
| 108 |
+
CVSS Score: 9.8
|
| 109 |
+
CWE: CWE-89
|
| 110 |
+
Affected Component: Ivanti - Cloud Services Application
|
| 111 |
+
```
|
| 112 |
+
|
| 113 |
+
Expected output schema:
|
| 114 |
+
|
| 115 |
+
```
|
| 116 |
+
{
|
| 117 |
+
"cve_id": "",
|
| 118 |
+
"severity": "",
|
| 119 |
+
"affected_component": "",
|
| 120 |
+
"technical_root_cause": "",
|
| 121 |
+
"recommended_fix": "",
|
| 122 |
+
"developer_remediation_steps": "",
|
| 123 |
+
"verification_steps": ""
|
| 124 |
+
}
|
| 125 |
+
```
|
| 126 |
|
| 127 |
## Training Details
|
| 128 |
|
| 129 |
### Training Data
|
| 130 |
|
| 131 |
+
The adapter was trained for structured CVE remediation tasks using public CVE-oriented datasets prepared into JSONL chat-style training rows. The broader project used public CVE records with descriptions, CVSS-derived severity information, CWE information where available, and remediation-oriented text derived from source evidence.
|
| 132 |
|
| 133 |
+
Datasets considered in the project included:
|
| 134 |
|
| 135 |
+
- AlicanKiraz0/All-CVE-Records-Training-Dataset
|
| 136 |
+
- iamthierno/cvedataset.jsonl
|
| 137 |
|
| 138 |
+
The final task format used a system prompt plus a user message containing CVE evidence, with the assistant target being a structured JSON object.
|
| 139 |
|
| 140 |
+
### Training Procedure
|
|
|
|
|
|
|
| 141 |
|
| 142 |
+
The model was fine-tuned as a LoRA adapter over fdtn-ai/Foundation-Sec-8B-Instruct for causal language modeling.
|
| 143 |
|
| 144 |
#### Training Hyperparameters
|
| 145 |
|
| 146 |
+
- **Training regime:** bf16 when supported, otherwise fp32
|
| 147 |
+
- **LoRA rank:** 16
|
| 148 |
+
- **LoRA alpha:** 32
|
| 149 |
+
- **LoRA dropout:** 0.1
|
| 150 |
+
- **Target modules:** `q_proj`, `k_proj`, `v_proj`, `o_proj`
|
| 151 |
+
- **Epochs:** 2
|
| 152 |
+
- **Max sequence length:** 2048
|
| 153 |
+
- **Learning rate:** 2e-5
|
| 154 |
+
- **Weight decay:** 0.05
|
| 155 |
+
- **Gradient accumulation steps:** 4
|
| 156 |
+
- **Effective batch size:** 16
|
| 157 |
+
- **Gradient checkpointing:** enabled
|
| 158 |
|
| 159 |
+
#### Speeds, Sizes, Times
|
| 160 |
|
| 161 |
+
The adapter artifact is much smaller than the full base model because only LoRA parameters are stored. Evaluation and inference in Colab were performed using 4-bit loading for practical memory usage.
|
|
|
|
|
|
|
| 162 |
|
| 163 |
## Evaluation
|
| 164 |
|
|
|
|
|
|
|
| 165 |
### Testing Data, Factors & Metrics
|
| 166 |
|
| 167 |
#### Testing Data
|
| 168 |
|
| 169 |
+
The published benchmark was run on 200 examples sampled from:
|
| 170 |
|
| 171 |
+
- `AlicanKiraz0/All-CVE-Records-Training-Dataset`
|
| 172 |
+
|
| 173 |
+
The reported sample used a balanced severity mix:
|
| 174 |
+
|
| 175 |
+
- 25 Critical
|
| 176 |
+
- 25 High
|
| 177 |
+
- 25 Medium
|
| 178 |
+
- 25 Low
|
| 179 |
|
| 180 |
#### Factors
|
| 181 |
|
| 182 |
+
The evaluation focuses on:
|
| 183 |
|
| 184 |
+
- structured JSON validity
|
| 185 |
+
- exact-match correctness on normalized fields
|
| 186 |
+
- token overlap on short text spans
|
| 187 |
+
- overlap-based quality on longer remediation text
|
| 188 |
|
| 189 |
#### Metrics
|
| 190 |
|
| 191 |
+
The evaluation used:
|
| 192 |
|
| 193 |
+
- JSON validity rate
|
| 194 |
+
- required key set match rate
|
| 195 |
+
- field completeness
|
| 196 |
+
- exact match for `cve_id`
|
| 197 |
+
- exact match and Macro-F1 for `severity`
|
| 198 |
+
- exact match and Token-F1 for `affected_component`
|
| 199 |
+
- exact match, Token-F1, and CWE Macro-F1 for `technical_root_cause`
|
| 200 |
+
- ROUGE-L for:
|
| 201 |
+
- `recommended_fix`
|
| 202 |
+
- `developer_remediation_steps`
|
| 203 |
+
- `verification_steps`
|
| 204 |
+
|
| 205 |
+
BERTScore was not computed in the published run.
|
| 206 |
|
| 207 |
### Results
|
| 208 |
|
| 209 |
+
Published benchmark results:
|
| 210 |
+
|
| 211 |
+
- JSON validity: `0.9400`
|
| 212 |
+
- Required key match: `0.9400`
|
| 213 |
+
- Field completeness: `0.9400`
|
| 214 |
+
- CVE ID exact match: `0.9400`
|
| 215 |
+
- Severity exact match: `0.9400`
|
| 216 |
+
- Severity Macro-F1: `0.7748`
|
| 217 |
+
- Affected component exact match: `0.9400`
|
| 218 |
+
- Affected component Token-F1: `0.9400`
|
| 219 |
+
- Technical root cause exact match: `0.9400`
|
| 220 |
+
- Technical root cause Token-F1: `0.9400`
|
| 221 |
+
- Technical root cause CWE Macro-F1: `0.9062`
|
| 222 |
+
- Recommended fix ROUGE-L: `0.9367`
|
| 223 |
+
- Developer remediation ROUGE-L: `0.9228`
|
| 224 |
+
- Verification steps ROUGE-L: `0.9400`
|
| 225 |
|
| 226 |
#### Summary
|
| 227 |
|
| 228 |
+
On the published 100-example Colab benchmark, the adapter showed strong schema adherence and high exact-match performance across most structured fields. The weakest reported metric is severity Macro-F1, which suggests that the remaining errors are concentrated in a subset of severity classes rather than evenly distributed.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 229 |
|
| 230 |
## Technical Specifications [optional]
|
| 231 |
|
|
|
|
| 235 |
|
| 236 |
### Compute Infrastructure
|
| 237 |
|
| 238 |
+
Training used NVIDIA MI300X VRAM and Google Colab for testing.
|
| 239 |
|
| 240 |
#### Hardware
|
| 241 |
|
| 242 |
+
- NVIDIA MI300X VRAM for training
|
| 243 |
+
- Google Colab T4 GPU for evaluation
|
| 244 |
|
| 245 |
#### Software
|
| 246 |
|
| 247 |
+
- Transformers
|
| 248 |
+
- PEFT
|
| 249 |
+
- PyTorch
|
| 250 |
+
- Hugging Face Hub
|
| 251 |
+
- rouge-score
|
| 252 |
+
- scikit-learn
|
| 253 |
|
| 254 |
## Citation [optional]
|
| 255 |
|
|
|
|
|
|
|
| 256 |
**BibTeX:**
|
| 257 |
|
| 258 |
+
```bibtex
|
| 259 |
+
@misc{secfix_lora_adapter,
|
| 260 |
+
title={SecFix CVE Remediation LoRA Adapter},
|
| 261 |
+
author={Ramitha},
|
| 262 |
+
year={2026},
|
| 263 |
+
howpublished={Hugging Face model repository}
|
| 264 |
+
}
|
| 265 |
+
```
|
| 266 |
|
| 267 |
**APA:**
|
| 268 |
|
| 269 |
+
Iddamalgoda, I. H. R. P. (2026). *SecFix CVE Remediation LoRA Adapter* [LoRA adapter]. Hugging Face.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 270 |
|
|
|
|
| 271 |
|
| 272 |
+
## Glossary
|
| 273 |
|
| 274 |
+
- **CVE:** Common Vulnerabilities and Exposures identifier
|
| 275 |
+
- **CWE:** Common Weakness Enumeration label
|
| 276 |
+
- **LoRA:** Low-Rank Adaptation, a parameter-efficient fine-tuning method
|
| 277 |
+
- **ROUGE-L:** Longest-common-subsequence overlap metric for generated text
|
| 278 |
+
- **Macro-F1:** Class-balanced F1 score across labels
|
| 279 |
|
|
|
|
| 280 |
### Framework versions
|
| 281 |
|
| 282 |
- PEFT 0.19.1
|