The increasing frequency and sophistication of cybersecurity vulnerabilities in software systems underscore the need for robust and reliable vulnerability assessment methods. However, existing approaches often rely on highly technical and abstract frameworks, limiting accessibility for practitioners and increasing the risk of exploitation. In this paper, we introduce ChatNVD, a support tool powered by Large Language Models (LLMs) that leverages the National Vulnerability Database (NVD) to enhance the accessibility of vulnerability information. We develop three variants of ChatNVD using GPT-4o Mini (OpenAI), LLaMA 3 (Meta), and Gemini 1.5 Pro (Google). To evaluate their performance, we design a benchmark of structured queries derived from real CVE records, covering temporal, descriptive, and metric-based attributes. Our results show that GPT-4o Mini consistently outperforms the other models, achieving over 92% exact-match accuracy with lower hallucination and error rates. These findings demonstrate the potential of lightweight, retrieval-augmented LLM workflows for supporting vulnerability management and operational decision-making in cybersecurity contexts.
Chopra et al. studied this question.