CWE-ASSIST: A framework for automating CWE classification

Author(s): Oostveen, R. (2024)

Abstract:
In this paper, we propose a new method to re-classify the weaknesses in vulnerabilities with more labels. We do so through a classification model that generates an abundance of relevant weakness labels; in our experiments, this abundance of labels already creates a significant F1-score improvement, though with lower precision. We then use these generated labels as suggestions for experts to review, producing a new set of expert-curated labels. These curated labels become new dataset labels and are used to retrain the thresholds of our classification model. Our experiments demonstrate that even small datasets of expert evaluations can lead to a significant precision improvement while maintaining an F1-score similar to that of the abundant label set.
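As an added illustration (not code from the paper), the threshold re-fitting step of the loop the abstract describes: an abundant low-threshold labelling is scored against expert-curated labels, then a per-CWE threshold is re-fitted on those curated labels to recover precision. The classifier scores, the curated labels, the three CWE identifiers and the threshold grid are constructed assumptions.

```python
"""Threshold re-fitting on expert-curated CWE labels (illustrative, constructed data)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Metrics:
    precision: float
    recall: float
    f1: float

# Constructed sample: classifier confidence per CWE for four vulnerability descriptions.
SCORES = [
    {"CWE-79": 0.92, "CWE-89": 0.35, "CWE-20": 0.55},
    {"CWE-79": 0.15, "CWE-89": 0.88, "CWE-20": 0.60},
    {"CWE-79": 0.40, "CWE-89": 0.20, "CWE-20": 0.82},
    {"CWE-79": 0.85, "CWE-89": 0.30, "CWE-20": 0.45},
]
# Constructed expert-curated labels, i.e. what reviewers kept from the abundant suggestions.
CURATED = [{"CWE-79", "CWE-20"}, {"CWE-89"}, {"CWE-20"}, {"CWE-79"}]
ABUNDANT_THRESHOLD = 0.3          # low global cut-off: many suggestions, low precision
GRID = (0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9)

def predict(scores, thresholds):
    """Multi-label prediction: emit every CWE whose score reaches its threshold."""
    return [{cwe for cwe, s in row.items() if s >= thresholds[cwe]} for row in scores]

def evaluate(predicted, truth) -> Metrics:
    """Micro-averaged precision/recall/F1 over all (entry, label) pairs."""
    tp = sum(len(p & t) for p, t in zip(predicted, truth))
    fp = sum(len(p - t) for p, t in zip(predicted, truth))
    fn = sum(len(t - p) for p, t in zip(predicted, truth))
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return Metrics(precision, recall, f1)

def refit_thresholds(scores, truth, grid=GRID):
    """Per-CWE threshold maximising F1 on the curated labels; ties go to the lowest cut-off."""
    thresholds = {}
    for cwe in scores[0]:
        best = None
        for t in grid:
            pred = [{cwe} if row[cwe] >= t else set() for row in scores]
            f1 = evaluate(pred, [{cwe} & tr for tr in truth]).f1
            if best is None or f1 > best[0]:
                best = (f1, t)
        thresholds[cwe] = best[1]
    return thresholds

def run_loop(scores=SCORES, curated=CURATED):
    """Return (abundant-stage metrics, re-fitted thresholds, curated-stage metrics)."""
    before = evaluate(predict(scores, dict.fromkeys(scores[0], ABUNDANT_THRESHOLD)), curated)
    thresholds = refit_thresholds(scores, curated)
    return before, thresholds, evaluate(predict(scores, thresholds), curated)
```

On the constructed data the abundant stage reaches precision 0.5 at recall 1.0, and the re-fitted thresholds raise precision to 5/6 without losing recall.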

Document(s):

CWE-assist.pdf