topic Had you heard of/worked with EPSS (Exploit Prediction Scoring System) before? in Tech Talk https://community.isc2.org/t5/Tech-Talk/Had-you-heard-of-worked-with-EPSS-Exploit-Prediction-Scoring/m-p/58879#M3904 <P>EPSS&nbsp;(Exploit Prediction Scoring System)<BR /><BR />• Open-source project led by RAND and Cyentia<BR />• Machine learning system designed to predict the likelihood&nbsp;of a given vulnerability being exploited<BR />• Explicitly trying to provide better intelligence than the Common Vulnerability Scoring System (CVSS)<BR />• Training inputs: past observations of CVE exploitation<BR />• Fortinet, Cisco, Greynoise, F5!<BR />• Runtime inputs: &gt;1500 vulnerability features<BR />• E.g. exploit code available, RCE, CPE, CVSS vectors<BR />• Model: XGBoost (ensemble of decision trees with gradient&nbsp;boosting)<BR /><BR /><A href="https://www.first.org/epss/" target="_blank">https://www.first.org/epss/</A> for general information</P><P><A href="https://www.first.org/epss/api" target="_blank">https://www.first.org/epss/api</A> for API documentation<BR /><BR />More details on webinar :&nbsp;<A title="&quot;Vulnerability Intelligence, Three Ways&quot;" href="https://www.isc2.org/News-and-Events/Webinars/Security-Briefing?commid=578541&amp;?utm_campaign=communication_reminder_starting_now_registrants&amp;utm_medium=email&amp;utm_source=brighttalk-transact" target="_blank" rel="noopener"><SPAN>"Vulnerability Intelligence, Three Ways"</SPAN></A><BR /><BR /><A href="https://www.csoonline.com/article/3680570/epss-explained-how-does-it-compare-to-cvss.html" target="_blank">https://www.csoonline.com/article/3680570/epss-explained-how-does-it-compare-to-cvss.html</A></P> Wed, 03 May 2023 13:43:06 GMT Kyaw_Myo_Oo 2023-05-03T13:43:06Z Had you heard of/worked with EPSS (Exploit Prediction Scoring System) before? https://community.isc2.org/t5/Tech-Talk/Had-you-heard-of-worked-with-EPSS-Exploit-Prediction-Scoring/m-p/58879#M3904 <P>EPSS&nbsp;(Exploit Prediction Scoring System)<BR /><BR />• Open-source project led by RAND and Cyentia<BR />• Machine learning system designed to predict the likelihood&nbsp;of a given vulnerability being exploited<BR />• Explicitly trying to provide better intelligence than the Common Vulnerability Scoring System (CVSS)<BR />• Training inputs: past observations of CVE exploitation<BR />• Fortinet, Cisco, Greynoise, F5!<BR />• Runtime inputs: &gt;1500 vulnerability features<BR />• E.g. exploit code available, RCE, CPE, CVSS vectors<BR />• Model: XGBoost (ensemble of decision trees with gradient&nbsp;boosting)<BR /><BR /><A href="https://www.first.org/epss/" target="_blank">https://www.first.org/epss/</A> for general information</P><P><A href="https://www.first.org/epss/api" target="_blank">https://www.first.org/epss/api</A> for API documentation<BR /><BR />More details on webinar :&nbsp;<A title="&quot;Vulnerability Intelligence, Three Ways&quot;" href="https://www.isc2.org/News-and-Events/Webinars/Security-Briefing?commid=578541&amp;?utm_campaign=communication_reminder_starting_now_registrants&amp;utm_medium=email&amp;utm_source=brighttalk-transact" target="_blank" rel="noopener"><SPAN>"Vulnerability Intelligence, Three Ways"</SPAN></A><BR /><BR /><A href="https://www.csoonline.com/article/3680570/epss-explained-how-does-it-compare-to-cvss.html" target="_blank">https://www.csoonline.com/article/3680570/epss-explained-how-does-it-compare-to-cvss.html</A></P> Wed, 03 May 2023 13:43:06 GMT https://community.isc2.org/t5/Tech-Talk/Had-you-heard-of-worked-with-EPSS-Exploit-Prediction-Scoring/m-p/58879#M3904 Kyaw_Myo_Oo 2023-05-03T13:43:06Z