Thanks for sharing this. The math is interesting, I intend to review the code in GitHub. I am interested in learning what’s useful. I determine the exploitability of a vulnerability today by personally checking systems and software using vulnerability management tools and penetration testing techniques. In the future, I am testing AI to assess vulnerability exploitability. The artificial general intelligence system is faster, and more concise than most humans I have worked with. I can start tesing it for cyber risk statistics and probability. I am already developing it for GRC automation, and I have built cloud-native systems for NLP and understand the lexicon and ontology behind the ML. With enough training data we could build a predictive model.