Bugcrowd Announces Vulnerability Ratings for LLMs

December 20, 2023 at 08:21AM

Bugcrowd has updated its Vulnerability Rating Taxonomy with a new system for categorizing and prioritizing vulnerabilities in large language models. The open-source VRT initiative, launched in 2016, aids Bugcrowd and its customer organizations in standardizing vulnerability classification and assessing cybersecurity risks. The update was influenced by the OWASP Top 10 for Large Language Model Applications.

Bugcrowd has updated its Vulnerability Rating Taxonomy (VRT) with a new rating system for categorizing and prioritizing vulnerabilities in large language models (LLMs). The VRT, launched in 2016, is an open-source initiative to standardize vulnerability classification and is used by Bugcrowd, its customer organizations, and vulnerability researchers. It offers a framework for assessing cybersecurity risk severity and establishes a baseline technical severity rating for common vulnerability classes. The recent VRT update was influenced by the OWASP Top 10 for Large Language Model Applications. With it, Bugcrowd's community of vulnerability researchers can focus on hunting for specific vulnerabilities and creating targeted proofs-of-concept, while program owners with LLM-related assets can design project scoping and rewards that produce optimal outcomes. According to Casey Ellis, founder and chief strategy officer of Bugcrowd, AI technologies like LLMs have brought about new and complex security challenges that the industry is just beginning to comprehend and document.