Keerthana Purushotham is a software engineer and applied
researcher specializing in Linux security, cloud
infrastructure, and AI-driven automation. She currently
works on Amazon Linux at AWS, where she focuses on
vulnerability management, CVE triage, and security tooling
for large-scale, correctness-critical systems. Her work
bridges low-level systems engineering with machine learning
and statistics, enabling predictive approaches to risk
assessment, patch prioritization, and threat modeling.
Keerthana holds a Master’s degree in Computer Science from
UC San Diego, with strong foundations in algorithms,
operating systems, probabilistic learning, and security.
She has published peer-reviewed research in IEEE and ACL
venues, with work spanning cloud security, NLP, web
crawling, and image processing, and maintains an active
Google Scholar profile.
Her open-source projects explore secure ephemeral AI
tooling, distributed cloud services, and structured
prediction models. Across industry and research, she is
driven by building reliable, explainable, and scalable
systems that operate at the intersection of security,
infrastructure, and applied machine intelligence.
An applied research summary introducing advanced confusion-matrix metrics that outperform accuracy in predicting CVE exploitability impact. CVE impact prediction is often evaluated using accuracy, despite operating in a domain characterized by extreme class imbalance, asymmetric risk, and incomplete ground truth. This paper argues that accuracy is a poor proxy for security effectiveness and can actively obscure dangerous failure modes, particularly false negatives involving rare but high-impact vulnerabilities. Grounded in statistical fundamentals, we reframe CVE evaluation through confusion-matrix–derived metrics- such as false-negative rate, likelihood ratios, and correlation-based measures, that apply to any predictive black box, not just machine learning models. Using real-world CVE workflows and illustrative failure cases, we show how these metrics provide earlier and more reliable signals of degraded trust in vulnerability assessments. The result is a practical, risk-aware evaluation framework that aligns statistical measurement with operational security outcomes, enabling teams to detect hidden blind spots before they translate into exploitable incidents.
