The Exploit Prediction Scoring System (EPSS) is a data-driven effort for predicting when software vulnerabilities will be exploited. The goal of this effort is to assist network defenders in better prioritizing vulnerability remediation efforts and defending their networks. While other efforts have been useful for capturing innate characteristics of a vulnerability, and provide measures of severity, they are limited in their practical ability to assess threat. EPSS fills that gap because it uses...| portal.first.org
The number of disclosed vulnerabilities has been steadily increasing over the years. At the same time, organizations face significant challenges patching their systems, leading to a need to prioritize vulnerability remediation in order to reduce the risk of attacks. Unfortunately, existing vulnerability scoring systems are either vendor-specific, proprietary, or are only commercially available. Moreover, these and other prioritization strategies based on vulnerability severity are poor predic...| arXiv.org