The project aims to distinguish profiles of vendors of software that allows the exploitation of computer security vulnerabilities. Data about the vendors and the vulnerabilities their software exploits will be collected from illicit software sales forums. The vulnerabilities will be classified according to what they can do when exploited. Profiles will then be developed based on the different types of vulnerabilities sold by each vendor. The profiles will be developed using artificial intelligence and interpreted from a criminological perspective.
Every day, hundreds of new vulnerabilities are discovered and disclosed to the users of the systems they affect. The sheer volume of vulnerabilities makes it difficult, if not impossible, for system administrators to rapidly address every vulnerability. Furthermore, research shows that only 5% of vulnerabilities are eventually exploited. This situation creates a need to prioritize some vulnerabilities over others, with the vulnerabilities most likely to be exploited treated as priorities.