What is the EPSS scoring system?

  • EPSS can be used in conjunction with an existing CVSS score: CVSS characterizes vulnerabilities into different levels, and EPSS helps prioritize them by finding out whether the vulnerability has the potential to create damage to the system.
  • It can be used in risk acceptance, as it is calculated by multiplying the risk by the probability of an impact of that risk. Instead of identifying the impact of a risk, we can use the EPSS score to calculate this value and prioritize the vulnerability accordingly.
  1. EPSS score: 91.3%
  • The EPSS scoring method does not fully quantify risk; it only provides estimates of danger.
  • Only vulnerabilities with CVE identifiers are taken into account, because CVE IDs serve as a standard identification method used by all of our different data sources. As a result, we disregard other software (or hardware) bugs or configuration errors that could possibly be exploited.
  • Revealing details about which vulnerabilities are more likely to be exploited may alter the strategic behavior of malicious hackers, who might then choose to exploit vulnerabilities that are less likely to be noticed and detected, artificially changing the ecosystem of vulnerability exploits.
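The CVSS-plus-EPSS workflow from the first point, as an added example that is not part of the original article: findings are grouped into CVSS v3.x severity levels and ordered by EPSS probability inside each level. The CVE ids are placeholders, the scores are constructed, and the CSV column names and function names are assumptions made for this sketch.

```python
import csv
import io

# Constructed sample findings: placeholder CVE ids, invented scores.
SAMPLE_CSV = """cve,cvss,epss
CVE-0000-0001,9.8,0.012
CVE-0000-0002,7.5,0.870
CVE-0000-0003,9.1,0.640
CVE-0000-0004,5.3,0.002
CVE-0000-0005,8.8,0.045
CVE-0000-0006,4.3,0.310
"""

# CVSS v3.x qualitative severity scale as (lower bound, label), highest first.
CVSS_BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"),
              (0.1, "Low"), (0.0, "None")]


def cvss_band(score):
    """Return (rank, label) for a CVSS base score; rank 0 is the most severe."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    for rank, (floor, label) in enumerate(CVSS_BANDS):
        if score >= floor:
            return rank, label


def load_findings(text):
    """Parse the CSV and reject EPSS values that are not probabilities."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        cvss, epss = float(row["cvss"]), float(row["epss"])
        if not 0.0 <= epss <= 1.0:
            raise ValueError(f"{row['cve']}: EPSS must be in [0, 1], got {epss}")
        rank, label = cvss_band(cvss)
        findings.append({"cve": row["cve"], "cvss": cvss, "epss": epss,
                         "rank": rank, "band": label})
    return findings


def by_cvss_only(findings):
    """Baseline ordering: highest CVSS score first."""
    return [f["cve"] for f in sorted(findings, key=lambda f: -f["cvss"])]


def by_band_then_epss(findings):
    """CVSS sets the level; EPSS decides the order inside each level."""
    ordered = sorted(findings, key=lambda f: (f["rank"], -f["epss"]))
    return [(f["band"], f["cve"], f["epss"]) for f in ordered]


if __name__ == "__main__":
    for band, cve, epss in by_band_then_epss(load_findings(SAMPLE_CSV)):
        print(f"{band:<8} {cve}  EPSS {epss:.1%}")
```

In the constructed data the 9.8-rated finding drops to second within Critical because its EPSS is 1.2%, which a CVSS-only ordering would not show.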

SecOps Solution

Identifying top 1% Vulnerabilities in enterprise tech stack