Every year, I get asked, “How many CVEs do you think will be published this year?“
I am always willing to take a guess, but last year, I read Time Series Forecasting in Python. As I started to read more about the Kalman Filter, I figured it would work great for predicting CVE growth, so I built a simple model to test it out.
My 2024 CVE model using the Kalman Filter is predicting 32,600 published CVEs.
Here is the monthly breakdown:
The model for 2023 underestimated the number of CVEs by 1,670, which I felt was really good for the first attempt.
What is the Kalman Filter?
The Kalman Filter algorithm uses a series of measurements observed over time to produce estimates that tend to be more accurate than those based on a single measurement alone. In essence, it helps predict the future state of a system based on its current state and past trends.
What Python Library Did You Use?
I have been using Darts by Unit8 as it is fully featured and easy to implement.
All the code for this blog post is in this Github Repository, and I plan on automating and updating it as I get more time.