The widespread adoption of microservice architectures has given rise to a new set of software security challenges. These challenges stem from the unique features inherent in microservices. It is important to systematically assess and address software security challenges such as software security risk assessment. However, existing approaches prove inefficient in accurately evaluating the security risks associated with microservice architectures. To address this issue, we propose CyberWise Predictor, a framework designed for predicting and assessing security risks associated with microservice architectures. Our framework employs deep learning-based natural language processing models to analyze vulnerability descriptions for predicting vulnerability metrics to assess security risks. Our experimental evaluation shows the effectiveness of CyberWise Predictor, achieving an average accuracy of 92% in automatically predicting vulnerability metrics for new vulnerabilities. Our framework and findings serve as a guide for software developers to identify and mitigate security risks in microservice architectures.