Data Analysis of Discussions, Regarding Common Vulnerabilities and Exposures, and their Sentiment on Social Media

Sammanfattning: As common vulnerabilites and exposures are detected, they are also discussed in various social platforms. The problem is that only a few of the posts made about them, are getting enough attention. This leads to an unawareness of potential and critical threats against systems. It is therefore important to look for patterns that make certain vulnerabilites more or less discussed. To do so, a framework was made for collecting discussions around cybersecurity and more specific vulnerabilites/exposures called CVE from Reddit. In addition, some of the desired data was collected from Twitter. Thereafter, the sentiments of the collected posts were calculated to see patterns between popular subreddits and the attitude shown in them. This was done with three methods: Flair, TextBlob and Vader. The results showed for instance that general discussions about information security were considered to be more positive than discussions of common vulnerabilites and exposures. Another result showed that the spread of CVEs that have a partial impact, are higher in Reddit, and is increasing almost exponentially. CVSS scores showed that a CVE with a CVSS score of around 7 is more likely to appear. Many CVEs in Reddit was also discussed before and after they were disclosed. The implication of this work might be that more and more people might use Reddit to discuss specific types of CVEs in a suitable subreddit, as well as being aware of common vulnerabilites and exposures, in order to prevent future threats.