The cybersecurity community has invested over two decades in building standardized frameworks such as the Common Vulnerabilities and Exposures (CVE) system, the Common Vulnerability Scoring System (CVSS), and the Common Weakness Enumeration (CWE) to identify, classify, and remediate threats to digital infrastructure. However, an emerging body of research reveals that the vast majority of successful cyberattacks exploit not software flaws but human behavioral and psychological vulnerabilities. Social engineering, fraud, and scam attacks, which manipulate human cognition, emotion, and trust, have no equivalent standardized framework. Meanwhile, behavioral science and psychology research has established robust theoretical foundations, such as dual-process theory, prospect theory, social influence frameworks, and visceral state models, which explain precisely why and how these attacks succeed. This paper introduces the Human Vulnerabilities & Exploits (HVE) Framework, a structured approach for identifying, classifying, and mitigating the behavioral and psychological vulnerabilities exploited in scams, social engineering, and other human-centric fraud and attacks, analogous in concept to how CVE helps classify software vulnerabilities: it provides a shared, machine-readable taxonomy with structured identifiers, multi-dimensional severity scoring via the Human Vulnerability Severity Score (HVSS), and actionable remediation guidance through Human Vulnerability Patches (HVPs). This introduction synthesizes the relevant literature across cybersecurity standardization, behavioral science, and fraud defense to establish the theoretical and practical foundations for the HVE Framework, whose architecture and technical specifications are detailed in subsequent sections.