KalmanCVE

KalmanCVE is a reproducible, data-driven project for forecasting Common Vulnerabilities and Exposures (CVE) counts using the Kalman Filter and time series analysis. The project leverages the Darts time series library and public data from the National Vulnerability Database (NVD).

Project Overview

Goal: Provide transparent, robust, and regularly updated forecasts of CVE counts for recent and upcoming years (2023, 2024, 2025).
Approach: Each year has a dedicated Jupyter notebook that loads, cleans, and aggregates NVD data, fits a Kalman Filter model, and generates monthly forecasts. Diagnostics and validation steps are included for transparency.
Data Source: NVD JSONL export (see NVD Data Feeds).
Forecasting Library: Darts
Visualization: Matplotlib, pandas, and Darts built-in plotting.

Notebooks

Kalman_2023.ipynb: Forecasts and validates CVE counts for 2023.
Kalman_2024.ipynb: Forecasts and validates CVE counts for 2024.
Kalman_2025.ipynb: Forecasts and validates CVE counts for 2025. This notebook updates every 6 hours.

Each notebook includes:

Data loading and validation
Aggregation and exploratory analysis
Model fitting and forecasting
Diagnostics and visualizations
Validation against actuals (where available)

Usage

Install dependencies:
```
pip install -r requirements.txt
```
Download the latest NVD data:
- Place the nvd.jsonl file in the project root directory.
Open a notebook:
- Use JupyterLab, VS Code, or another compatible environment.
- Run all cells in the desired notebook (e.g., Kalman_2025.ipynb).

File Descriptions

Kalman_2023.ipynb, Kalman_2024.ipynb, Kalman_2025.ipynb: Main forecasting notebooks for each year.
nvd.jsonl: NVD data export (required for analysis).
requirements.txt: Python dependencies.
forecast_plot.png: Example output plot (optional).
LICENSE: Project license (NIST data is public domain).

Notes

The 2025 notebook is scheduled to update every 6 hours to reflect the latest available data.
All code is designed for reproducibility and transparency. See notebook markdown cells for detailed explanations.

License

NVD data is provided by NIST and is in the public domain. See: https://www.nist.gov/open/license
Project code is licensed under the terms in LICENSE.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

KalmanCVE

Project Overview

Notebooks

Usage

File Descriptions

Notes

License

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 2

Uh oh!

Languages

Name		Name	Last commit message	Last commit date
Latest commit History 1,203 Commits
.github/workflows		.github/workflows
.gitignore		.gitignore
Kalman_2023.ipynb		Kalman_2023.ipynb
Kalman_2024.ipynb		Kalman_2024.ipynb
Kalman_2025.ipynb		Kalman_2025.ipynb
LICENSE		LICENSE
README.md		README.md
forecast_plot.png		forecast_plot.png
requirements.txt		requirements.txt

License

jgamblin/KalmanCVE

Folders and files

Latest commit

History

Repository files navigation

KalmanCVE

Project Overview

Notebooks

Usage

File Descriptions

Notes

License

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 2

Uh oh!

Languages

Packages