cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Kyaw_Myo_Oo
Contributor III

Had you heard of/worked with EPSS (Exploit Prediction Scoring System) before?

EPSS (Exploit Prediction Scoring System)

• Open-source project led by RAND and Cyentia
• Machine learning system designed to predict the likelihood of a given vulnerability being exploited
• Explicitly trying to provide better intelligence than the Common Vulnerability Scoring System (CVSS)
• Training inputs: past observations of CVE exploitation
• Fortinet, Cisco, Greynoise, F5!
• Runtime inputs: >1500 vulnerability features
• E.g. exploit code available, RCE, CPE, CVSS vectors
• Model: XGBoost (ensemble of decision trees with gradient boosting)

https://www.first.org/epss/ for general information

https://www.first.org/epss/api for API documentation

More details on webinar : "Vulnerability Intelligence, Three Ways"

https://www.csoonline.com/article/3680570/epss-explained-how-does-it-compare-to-cvss.html

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | CCSM | CISSP | PMP
0 Replies