Regular expressions are used to identity CVEs, and "NVD" is used to describe the security severity of each CVE.
Figures 6 displays the information that is aggregated by the software.
Below is a description of the headers in Figure 6:
- driver_id: a unique identifier for each software update
- cve_num: the number of CVE identified in each update
- security_score:a security score ranging from 0.0 to 10.0 (the higher the number, the more severe the security update)
- security_severity:the severity of security update (classified into none, low, medium, or high [and critical] categories)
An update with a cve_num of more than 0 is a security update. In the example above, JY83M is a security update because it has one CVE, and it is a highly critical security update because it has a security score of 9.8.