
Exploit Prediction Scoring System (EPSS)

EPSS is a model that estimates the likelihood that a vulnerability will be exploited in the wild, using the vulnerability's characteristics together with observed exploitation data. It launched in 2021 and has been revised since; version 3 was released in March 2023. Each score is a probability, between 0 and 1, that exploitation activity against the vulnerability will be observed in the wild during the next 30 days, and scores are recomputed daily as new data arrives. FIRST also publishes a percentile alongside each score, giving the proportion of all scored CVEs that have a lower probability.

According to FIRST, which hosts the EPSS special interest group (as it does for CVSS), the system is a “data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild.” EPSS is not a replacement for CVSS but complements it: CVSS describes the technical severity of a flaw, while EPSS describes how likely attackers are to actually use it. The model is trained on exploitation activity reported by partner sensor networks and draws on features such as the affected vendor, the age of the CVE, the number of references attached to the CVE record, CVSS metrics and CWE, whether public exploit code exists (for example in Exploit-DB, Metasploit or on GitHub), and whether the vulnerability appears in scanner or offensive-tool signatures. EPSS does not measure severity or impact, and it is not exploitability in the CVSS sense (how easy an exploit is to craft); it measures the probability of exploitation being observed across the Internet as a whole, not in any particular environment. A low score therefore means that exploitation is unlikely to be observed in the next 30 days, not that the vulnerability is harmless, and a vulnerability with a high CVSS score and a low EPSS score still needs to be fixed on its own schedule.
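As an added worked example (not code from Sevco or FIRST), the following Python ranks findings by combining an EPSS score with a CVSS base score, aggregates the 30-day probabilities across a set of findings, and shows why the percentile must not be read as a probability. The API response is a constructed sample in the shape returned by the FIRST EPSS API (https://api.first.org/data/v1/epss): the score values are made up, the CVE-2099-* identifiers are placeholders rather than real records, and the P1 to P4 thresholds are assumptions chosen for illustration.

```python
"""Prioritise vulnerabilities with EPSS alongside CVSS.

Added example; not Sevco's or FIRST's code. SAMPLE_EPSS_RESPONSE is a
constructed sample in the shape of the FIRST EPSS API (fields cve, epss,
percentile, date; numbers are strings). The scores are invented and the
CVE-2099-* identifiers are placeholders, not real vulnerabilities.
"""
import json
from dataclasses import dataclass

SAMPLE_EPSS_RESPONSE = json.dumps({
    "status": "OK", "status-code": 200, "version": "1.0", "access": "public",
    "total": 4, "offset": 0, "limit": 100,
    "data": [
        {"cve": "CVE-2021-44228", "epss": "0.97000", "percentile": "0.99990", "date": "2024-01-01"},
        {"cve": "CVE-2099-0001", "epss": "0.00050", "percentile": "0.15000", "date": "2024-01-01"},
        {"cve": "CVE-2099-0002", "epss": "0.30000", "percentile": "0.97000", "date": "2024-01-01"},
        {"cve": "CVE-2099-0003", "epss": "0.02000", "percentile": "0.88000", "date": "2024-01-01"},
    ],
})

# CVSS base scores for the same CVEs (constructed; in practice taken from
# NVD or your scanner output).
CVSS_BASE = {
    "CVE-2021-44228": 10.0,
    "CVE-2099-0001": 9.8,
    "CVE-2099-0002": 6.5,
    "CVE-2099-0003": 5.3,
}


@dataclass
class Finding:
    cve: str
    cvss: float
    epss: float        # probability of observed exploitation in the next 30 days
    percentile: float  # share of all scored CVEs with a lower EPSS score; NOT a probability


def parse_epss_response(raw: str, cvss_by_cve: dict) -> list:
    """Turn an EPSS API JSON body into Finding records, joined with CVSS scores."""
    body = json.loads(raw)
    if body.get("status") != "OK":
        raise ValueError(f"EPSS API returned status {body.get('status')!r}")
    findings = []
    for rec in body["data"]:
        cve = rec["cve"]
        # Values arrive as strings in the API; convert explicitly so later
        # comparisons are numeric rather than lexical.
        findings.append(Finding(cve, float(cvss_by_cve.get(cve, 0.0)),
                                float(rec["epss"]), float(rec["percentile"])))
    return findings


def priority(f: Finding, epss_threshold: float = 0.1, cvss_threshold: float = 7.0) -> str:
    """Assumed triage policy: EPSS answers 'will it be attacked', CVSS 'how bad'."""
    if f.epss >= epss_threshold and f.cvss >= cvss_threshold:
        return "P1"  # likely to be exploited and severe: patch now
    if f.epss >= epss_threshold:
        return "P2"  # likely to be exploited, lower impact
    if f.cvss >= cvss_threshold:
        return "P3"  # severe but not currently attracting exploitation: still fix on schedule
    return "P4"


def rank(findings: list) -> list:
    """Order findings by priority bucket, then by EPSS probability, highest first."""
    order = {"P1": 0, "P2": 1, "P3": 2, "P4": 3}
    ordered = sorted(findings, key=lambda f: (order[priority(f)], -f.epss))
    return [(f.cve, priority(f)) for f in ordered]


def any_exploited_probability(findings: list) -> float:
    """Probability that at least one finding sees exploitation in the window.

    Assumes the per-CVE events are independent (an approximation): it is
    1 minus the product of the per-CVE 'not exploited' probabilities.
    """
    p_none = 1.0
    for f in findings:
        p_none *= (1.0 - f.epss)
    return 1.0 - p_none


def percentile_is_not_probability(f: Finding) -> str:
    """Spell out the distinction for a single record."""
    return (f"{f.cve}: {f.epss:.1%} chance of observed exploitation in 30 days; "
            f"it scores higher than {f.percentile:.0%} of all CVEs")


if __name__ == "__main__":
    found = parse_epss_response(SAMPLE_EPSS_RESPONSE, CVSS_BASE)
    for cve, bucket in rank(found):
        print(bucket, cve)
    print(f"P(at least one exploited in 30 days) = {any_exploited_probability(found):.4f}")
    print(percentile_is_not_probability(found[3]))
```

The placeholder CVE-2099-0003 illustrates the usual misreading: a percentile of 0.88 sounds alarming, but its EPSS probability is 2%, so under the policy above it lands in P4. Conversely CVE-2099-0001 has a near-maximal CVSS score and a negligible EPSS score, which is exactly the case where EPSS should lower urgency without removing the finding from the backlog.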

Additional Resources