For many years, software or hardware vulnerabilities have received a “severity score,” a rating of how much damage the vulnerability could cause if malicious actors exploited it. However, this severity score does not provide defenders with a crucial piece of information – what is the likelihood that vulnerability will be exploited? Given limited resources, network defenders would prioritize patching a moderate severity vulnerability with a high likelihood of exploitation over patching an extremely severe vulnerability with a very low likelihood of exploitation. The Exploit Prediction Scoring System attempts to fill this knowledge gap by providing an estimate of the likelihood that a given vulnerability will be exploited in the near future.
Join Michael Daniel, Sasha Romanosky (RAND Corporation), and Jay Jacobs (Cyentia) as they discuss EPSS and how it can help defenders, researchers, and policy makers in improving cybersecurity across our digital ecosystem.
Author: Cyber Threat Alliance
CTA Webinar – Solving Actionable Intelligence Through a Diverse Ecosystem
For decades we have been faced with the classic ‘last mile’ challenge when it comes to information sharing and threat intelligence. Often times an end user’s use case simply does not fit with what [...]
CTA Webinar – This shouldn’t be so hard: making cybersecurity more effective for everyone
Mention cybersecurity to most people and the reaction is rarely, “Oh, I understand what that’s about.” Instead, most [...]