EPSS (Exploit Prediction Scoring System)

EPSS is a data-driven model from FIRST.org that estimates the probability a CVE will be exploited in the wild within the next 30 days. Scores range from 0 to 1 (0%–100%). EPSS helps prioritize patching by combining NVD data with real-world exploitation observations.

Frequently Asked Questions

How is EPSS (Exploit Prediction Scoring System) related to CVSS (Common Vulnerability Scoring System)?

EPSS (Exploit Prediction Scoring System) and CVSS (Common Vulnerability Scoring System) are both key concepts in threat intelligence, but they measure different things: EPSS estimates the probability that a CVE will be exploited, while CVSS communicates how severe a vulnerability is. CVSS is an open framework for communicating the severity of software vulnerabilities. A CVSS v3 base score from 0 to 10 reflects factors like attack vector, complexity, privileges required, and impact on confidentiality, integrity, and availability. Scores ≥ 9.0 are Critical; ≥ 7.0 are High.
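To show how the two scores can disagree when prioritizing patches, here is an added example (not code from this page or from FIRST.org) that orders constructed findings by EPSS probability and labels each with the CVSS bands given above. The CVE identifiers are placeholders, and both the "EPSS first, CVSS as tie-breaker" ordering and the independence assumption in `p_any_exploited` are assumptions of this sketch.

```python
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class Finding:
    cve: str     # placeholder identifier, not a real CVE
    cvss: float  # CVSS v3 base score, 0 to 10
    epss: float  # EPSS probability of exploitation in the next 30 days, 0 to 1

    def __post_init__(self):
        if not 0.0 <= self.cvss <= 10.0:
            raise ValueError(f"{self.cve}: CVSS base score out of range")
        if not 0.0 <= self.epss <= 1.0:
            raise ValueError(f"{self.cve}: EPSS score out of range")


def cvss_band(score: float) -> str:
    """Severity band using only the thresholds stated on this page."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    return "Below High"


def patch_order(findings):
    """Assumed policy: highest EPSS first, CVSS base score breaks ties."""
    return sorted(findings, key=lambda f: (-f.epss, -f.cvss))


def p_any_exploited(findings):
    """Chance that at least one finding is exploited within 30 days,
    treating the EPSS probabilities as independent (an assumption)."""
    return 1.0 - prod(1.0 - f.epss for f in findings)


# Constructed sample data for illustration only.
FINDINGS = [
    Finding("CVE-PLACEHOLDER-A", cvss=9.8, epss=0.002),
    Finding("CVE-PLACEHOLDER-B", cvss=7.5, epss=0.91),
    Finding("CVE-PLACEHOLDER-C", cvss=5.3, epss=0.40),
    Finding("CVE-PLACEHOLDER-D", cvss=9.1, epss=0.40),
]

if __name__ == "__main__":
    for f in patch_order(FINDINGS):
        print(f"{f.cve}  EPSS={f.epss:.3f}  CVSS={f.cvss} ({cvss_band(f.cvss)})")
    print(f"P(at least one exploited) = {p_any_exploited(FINDINGS):.4f}")
```

In the sample, the CVSS High finding with an EPSS of 0.91 is ordered ahead of the CVSS Critical finding with an EPSS of 0.002.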
