Skip to content

opendr-io/causality

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

270 Commits
.devcontainer
.devcontainer
 
 
2024
2024
 
 
2025
2025
 
 
2026
2026
 
 
BASC
BASC
 
 
HEAD
HEAD
 
 
img
img
 
 
notebooks
notebooks
 
 
web
web
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
journal.bak
journal.bak
 
 
journal.md
journal.md
 
 
lbak
lbak
 
 

Repository files navigation

Alt text

CAUSALITY is an intrusion prediction model that is successfully predicting CVEs being watchlisted with lead times ranging from days to months. Every incident response we turn into incident avoidance allows us to actually get "left of boom" and live our best lives. Risk avoidance gives time back to busy DevOPS teams, in addition to security teams, while producing greater CVE risk reduction velocity than conventional or manual processes. This project has been presented at THREATCON1, RSAC 2026, BASC OWASP 2025, and some BSides Security conferences.

More information is availabe at these blog posts:

https://opendrio.blog/2025/11/11/show-and-tell-the-causality-project/

https://opendrio.blog/2025/09/21/the-causality-project/

And these recorded conference talks:
[RSAC 2026 Presentation] https://www.rsaconference.com/library/presentation/usa/2026/prediction%20and%20causality%20engineering%20with%20ml%20a%20vuln%20management%20alternative

[THREATCON1 Presentation] https://www.threatcon1.org/presentations/the-causality-project-achieving-intrusion-prediction

[BASC Presentation] https://owaspbasc2025.sched.com/event/1xuPI/no-fate-but-what-we-make-doing-intrusion-prediction

Contents:]

Results contains a history of the provable correct predictions. Provable means anyone can audit these, using the GitHub timestamps, to verify the prediction data was committed before a CVE was added to a watchlist.

web contains a streamlit app with a search interface for the ratings data

causality.ipynb: a Jupyter notebook for processing vuln data and adding ratings generated by the CAUSALITY model.

HEAD The latest ratings files available are kept here. If you're looking for a particualr model run output, check these

2026 : CVEs from calendar 2026 that have been rated by the CAUSALITY model. There are multiple rating levels now ranging from fire to cold. This is being done with a multi-stage pipeline of models and algos and has nothing to do with severity, CVSs, EPSS, or the other conventional metrics.

2025 : CVEs from calendar 2025 that have been rated by the CAUSALITY model. There are two rating levels now, hot and warm.

2024: Ratings runs for calendar 2024 CVES that came out of the model rated 'hot.' It is possible to predict most of the watch-listed CVEs will be in a subset of 6-12% of the population.

I am rating nearly all current CVEs but there may be a few stragglers that were not processed. Let me know if you're looking for a specific CVE. I have not gone back further than 2024 but if you want me to go futher back hit me up.

About

The difference between exploitation prediction and detection is akin to the difference between detecting a missile launch or a detonation. Every avoided exploitation cycle saves hundreds of hours of engineering and infosec time.

Resources

Readme

License

View license
Activity
Custom properties

Stars

13 stars

Watchers

0 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages