Kyaw_Myo_Oo
Contributor II

Had you heard of/worked with EPSS (Exploit Prediction Scoring System) before?

EPSS (Exploit Prediction Scoring System)

• Open-source project led by RAND and Cyentia
• Machine learning system designed to predict the likelihood of a given vulnerability being exploited
• Explicitly trying to provide better intelligence than the Common Vulnerability Scoring System (CVSS)
• Training inputs: past observations of CVE exploitation
  • Fortinet, Cisco, GreyNoise, F5!
• Runtime inputs: >1500 vulnerability features
  • E.g. exploit code available, RCE, CPE, CVSS vectors
• Model: XGBoost (ensemble of decision trees with gradient boosting)

https://www.first.org/epss/ for general information

https://www.first.org/epss/api for API documentation

More details on webinar: "Vulnerability Intelligence, Three Ways"

https://www.csoonline.com/article/3680570/epss-explained-how-does-it-compare-to-cvss.html

Kyaw Myo Oo
Manager, CB BANK PCL
CCIE #58769 | PCNSE | CCSE | CISSP | PMP
0 Replies
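
An added example, not part of the original post: a sketch of how EPSS probabilities can reorder a patch queue that was sorted by CVSS alone. The response body is a constructed sample shaped like the JSON returned by the API documented at https://www.first.org/epss/api; the CVE ids, scores, thresholds and bucket names are all assumptions made for illustration.

```python
import json

# Constructed sample, shaped like the body returned by
# GET https://api.first.org/data/v1/epss?cve=<comma-separated CVE ids>.
# CVE ids and scores are placeholders, not real data.
SAMPLE_BODY = """
{"status": "OK", "status-code": 200, "total": 4, "data": [
 {"cve": "CVE-2099-0001", "epss": "0.002100000", "percentile": "0.580000000", "date": "2099-01-01"},
 {"cve": "CVE-2099-0002", "epss": "0.943000000", "percentile": "0.990000000", "date": "2099-01-01"},
 {"cve": "CVE-2099-0003", "epss": "0.182000000", "percentile": "0.950000000", "date": "2099-01-01"},
 {"cve": "CVE-2099-0004", "epss": "0.000500000", "percentile": "0.150000000", "date": "2099-01-01"}
]}
"""

# Constructed CVSS base scores, as a scanner export might supply them.
# CVE-2099-0005 has no EPSS row above (for example, a CVE too new to be scored).
CVSS = {"CVE-2099-0001": 9.8, "CVE-2099-0002": 6.5, "CVE-2099-0003": 7.5,
        "CVE-2099-0004": 4.3, "CVE-2099-0005": 8.1}

def parse_epss(body):
    """Return {cve: (probability, percentile)} from an EPSS API response body."""
    doc = json.loads(body)
    if doc.get("status") != "OK":
        raise ValueError(f"EPSS API error: {doc.get('status')!r}")
    # The API encodes epss and percentile as strings; convert to float.
    return {r["cve"]: (float(r["epss"]), float(r["percentile"]))
            for r in doc.get("data", [])}

def triage(cvss, epss, epss_min=0.10, cvss_min=7.0):
    """Rank CVEs by exploitation probability first, severity second.
    Thresholds are illustrative assumptions, not values from EPSS or FIRST."""
    rows = []
    for cve, base in cvss.items():
        prob = epss.get(cve, (None, None))[0]
        if prob is None:
            bucket = "unscored"      # no EPSS data: route to manual review
        elif prob >= epss_min:
            bucket = "patch-first"   # likely to be exploited, whatever the CVSS
        elif base >= cvss_min:
            bucket = "scheduled"     # severe on paper, low predicted exploitation
        else:
            bucket = "backlog"
        rows.append((cve, base, prob, bucket))
    # Highest probability first; unscored CVEs sink to the end.
    rows.sort(key=lambda r: (-(r[2] if r[2] is not None else -1.0), -r[1]))
    return rows

if __name__ == "__main__":
    for cve, base, prob, bucket in triage(CVSS, parse_epss(SAMPLE_BODY)):
        shown = "n/a" if prob is None else f"{prob:.4f}"
        print(f"{cve}  CVSS {base:>4}  EPSS {shown:>6}  {bucket}")
```

In the constructed data the CVSS 6.5 entry ends up ahead of the CVSS 9.8 entry, which is the kind of reordering EPSS is meant to produce.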