CVE Database

A public vulnerability database to raise awareness of ML security
Timeline
1 month
Role
Design Lead
Team
Chris King - Head of Product
Josh Miles - Sr. Software Engineer
Caleb Herbel - Software Engineer
*To comply with NDA, I have omitted and obfuscated confidential information in the post. Happy to share more details in the interview. Thanks!

What is CVE?

Open-source definitions for cyber security vulnerabilities and exposures. Funded by the US Department of Homeland Security.

Why is it there?

It allows vulnerability databases and other capabilities to be linked together and facilitates the comparison of security tools.

Our opportunity?

We want to create a curated version of the CVE database for users to reference in our future ML security products.

We want to create a curated CVE database that:
P0: Provides comprehensive, timely, accurate, and easily accessible information to help cybersecurity professionals identify and mitigate security risks.

P1: Raises ML security risks to the public.

Challenge

The existing CVE definitions and database are difficult to navigate.

Solution

1. Identify the problem
From our research, our target users (ML engineers) often found it difficult to navigate to the information they wanted to see in the original database.
2. Collect data
Data were collected and arranged in priority order based on user stories and feedback. Here is the information hierarchy, in order of priority:

- What CVE is this?

- How severe is it?

- What are the details?

- Where are the references?
3. Simplify data
Group the data into 4 sections and rearrange them in a Z-format layout for better readability.
4. Optimize readability
Further improve data readability.
5. Implement the style guide
Establish the style guide and UI components for systematic development.

Key iteration I

Improve the readability of CVE severity and metrics, and include tooltips for additional explanations.

Before

1. The CVE severity score was not visible enough; its color contrast did not meet WCAG requirements.

2. CVE vectors (metrics) were displayed in code format.

3. Users needed to hover over the vector codes to reveal the actual meanings behind the abbreviations.

After

4. Display the severity score as a circular gauge that conveys the value at a glance, without showing the raw number.

5. Display the 3 most-checked vectors with their full names up front.

6. Provide tooltips for additional explanations.
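The data transformation behind this iteration, as an added example (not the project's own code): turning a CVE record's raw vector string and score into the severity band and spelled-out metric names the redesigned card shows. It assumes the record carries a CVSS v3.1 base vector in the format published by NVD, and it assumes that the "three most-checked vectors" are Attack Vector, Privileges Required and User Interaction (the page does not name them). Unknown abbreviations raise an error rather than being rendered as a misleading label.

```python
"""Expand a CVSS v3.1 vector string into readable metric names and map a
base score to its qualitative severity band (added example; assumptions
are noted inline)."""

# Metric abbreviations and values as defined by the CVSS v3.1 specification.
METRIC_NAMES = {
    "AV": ("Attack Vector", {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"}),
    "AC": ("Attack Complexity", {"L": "Low", "H": "High"}),
    "PR": ("Privileges Required", {"N": "None", "L": "Low", "H": "High"}),
    "UI": ("User Interaction", {"N": "None", "R": "Required"}),
    "S": ("Scope", {"U": "Unchanged", "C": "Changed"}),
    "C": ("Confidentiality", {"N": "None", "L": "Low", "H": "High"}),
    "I": ("Integrity", {"N": "None", "L": "Low", "H": "High"}),
    "A": ("Availability", {"N": "None", "L": "Low", "H": "High"}),
}

# Assumption: these are the three metrics the card shows up front.
UP_FRONT = ("AV", "PR", "UI")


def parse_vector(vector: str) -> dict:
    """Turn 'CVSS:3.1/AV:N/AC:L/...' into {full metric name: full value}.

    Raises ValueError on an unsupported prefix, an unknown metric or value,
    or a missing base metric, so the UI never shows a guessed label."""
    parts = vector.strip().split("/")
    if parts[0] != "CVSS:3.1":
        raise ValueError(f"unsupported vector prefix: {parts[0]!r}")
    expanded = {}
    for part in parts[1:]:
        key, _, val = part.partition(":")
        if key not in METRIC_NAMES:
            raise ValueError(f"unknown metric {key!r}")
        name, values = METRIC_NAMES[key]
        if val not in values:
            raise ValueError(f"unknown value {val!r} for metric {key}")
        expanded[name] = values[val]
    missing = [name for name, _ in METRIC_NAMES.values() if name not in expanded]
    if missing:
        raise ValueError(f"vector is missing base metrics: {missing}")
    return expanded


def severity_band(score: float) -> str:
    """CVSS v3.x qualitative rating for a base score (None/Low/Medium/High/Critical)."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"score out of range: {score}")
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def render_card(score: float, vector: str) -> dict:
    """Build the data the redesigned CVE card needs: the severity band for
    the gauge, the up-front metrics, and the rest for the tooltip."""
    metrics = parse_vector(vector)
    up_front = [(METRIC_NAMES[k][0], metrics[METRIC_NAMES[k][0]]) for k in UP_FRONT]
    shown = {name for name, _ in up_front}
    tooltip = [(name, value) for name, value in metrics.items() if name not in shown]
    return {
        "score": score,
        "severity": severity_band(score),
        "up_front": up_front,
        "tooltip": tooltip,
    }


if __name__ == "__main__":
    # Constructed sample record, not a real CVE entry.
    sample_vector = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
    card = render_card(9.8, sample_vector)
    print(card["severity"], card["score"])
    for name, value in card["up_front"]:
        print(f"{name}: {value}")
```

The strict parser is deliberate: a vector with a typo or an unexpected metric should fail loudly in the data pipeline, not render a blank or wrong label on a page that security engineers rely on for triage.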

Key iteration II

Improve the readability of known affected software packages.

Key iteration III

Initiated the UI style guide and design system for efficient communication with front-end developers.

Output

Final screens for the CVE details page (P0) and the home/search page (P1).
Layout and spacing guidelines for communication with front-end developers.

Further scope

Define layouts for various screen sizes during the iteration phase.

Reflection

Owning the design gives me more freedom but also more responsibility for the product.
The Impact
- The project laid the groundwork for a robust database architecture, ultimately helping the team to develop more sophisticated ML applications.

What I Learned
- 0 to 1 design process
- Close collaboration with cross-functional teams
- The style guide & design system

How I Can Improve
- The scalability
- Be more agile
- The right strategy of using the design system