"The EPSS (Exploit Prediction Scoring System) Model is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild."
Traditionally, security teams spend a lot of time reporting and acting on CVSS scores for specific CVEs. Disclosing these vulnerabilities is important, and scoring their severity is an excellent metric for some prioritization decisions. However, severity alone isn't everything. EPSS adds exploit-likelihood context so that security personnel can make better decisions.
A scary monster with no teeth isn't all that scary after all! 😎
- Quote: https://www.first.org/epss/
- Credit: https://www.first.org/epss/model
The public EPSS API: https://api.first.org/data/v1/epss?cve=CVE-2022-27225
Where to find these CVEs? https://cve.mitre.org/cve/
- Public CVE API: https://www.cve-search.org/api/
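
Added example (not from the original page or from FIRST): Python that parses a response in the shape the EPSS API above returns and ranks scanner findings by exploitation probability first, with CVSS as the tie-breaker. The response body, the `CVE-0000-*` placeholder ids, all scores and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlencode

EPSS_API = "https://api.first.org/data/v1/epss"  # endpoint from the page

def epss_url(cves):
    """Build one batched query; the API accepts a comma-separated cve list."""
    return EPSS_API + "?" + urlencode({"cve": ",".join(cves)}, safe=",")

def parse_epss(body):
    """Map CVE id -> (epss, percentile). The API returns both as strings."""
    doc = json.loads(body)
    return {row["cve"]: (float(row["epss"]), float(row["percentile"]))
            for row in doc.get("data", [])}

def prioritize(findings, scores):
    """Rank (cve, cvss) findings by EPSS first, CVSS as tie-breaker.
    CVEs with no EPSS record keep epss=None and sort last for manual review."""
    ranked = []
    for cve, cvss in findings:
        epss, pct = scores.get(cve, (None, None))
        ranked.append({"cve": cve, "cvss": cvss, "epss": epss, "percentile": pct})
    ranked.sort(key=lambda f: (f["epss"] is None, -(f["epss"] or 0.0), -f["cvss"]))
    return ranked

# Constructed response body in the API's shape; ids and scores are made up.
SAMPLE_BODY = json.dumps({
    "status": "OK", "status-code": 200, "total": 2,
    "data": [
        {"cve": "CVE-0000-00001", "epss": "0.00100", "percentile": "0.40000"},
        {"cve": "CVE-0000-00002", "epss": "0.90000", "percentile": "0.99000"},
    ],
})
# Constructed scanner findings: (CVE id, CVSS base score).
# CVE-0000-00003 is deliberately absent from the response (not yet scored).
FINDINGS = [("CVE-0000-00001", 9.8), ("CVE-0000-00002", 6.5), ("CVE-0000-00003", 7.5)]

if __name__ == "__main__":
    print(epss_url([cve for cve, _ in FINDINGS]))
    for finding in prioritize(FINDINGS, parse_epss(SAMPLE_BODY)):
        print(finding)
```

In this constructed data the CVSS 9.8 finding drops below the CVSS 6.5 one because its exploitation probability is far lower, and the unscored CVE is kept at the end rather than silently dropped.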