Purpose: EPSS estimates the likelihood that a vulnerability will be exploited in the wild within the next 30 days.

Higher scores: indicate a higher likelihood of exploitation.

Where CVSS shows the severity of a vulnerability, the Exploit Prediction Scoring System (EPSS) estimates the likelihood that a vulnerability will be exploited in the next 30 days. This framework is also designed by FIRST and can help organizations prioritize which vulnerabilities need to be addressed first.

EPSS uses a prediction model based on various factors to determine how likely a vulnerability is to be exploited, and generates a score from 0 to 1 for each vulnerability. When used in conjunction with the CVSS score, it gives the pentester a good idea of how much potential a vulnerability has to be successfully exploited.
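An added example (not from the original note) of using the two scores together: findings are ordered by EPSS likelihood first and CVSS severity second, so a critical-severity issue with a negligible EPSS score ranks below a medium one that is likely to be exploited. The CVE IDs, scores, CSV layout and the two cut-offs are constructed assumptions.

```python
import csv
import io

# Constructed sample; the cve,epss,percentile layout with a leading comment
# line is an assumption about the score export. IDs and values are made up.
EPSS_CSV = """#model_version:example,score_date:2024-01-01
cve,epss,percentile
CVE-0000-0001,0.92000,0.99000
CVE-0000-0002,0.00080,0.30000
CVE-0000-0003,0.41000,0.97000
"""
# Constructed scanner findings: (CVE id, CVSS base score).
FINDINGS = [("CVE-0000-0001", 7.5), ("CVE-0000-0002", 9.8),
            ("CVE-0000-0003", 5.3), ("CVE-0000-0004", 8.1)]  # last one has no EPSS row
EPSS_HIGH, CVSS_HIGH = 0.10, 7.0  # assumed cut-offs, not defined by EPSS or CVSS


def load_epss(text):
    """Return {cve: probability}; skip comment lines, reject out-of-range scores."""
    rows = (line for line in io.StringIO(text) if not line.startswith("#"))
    scores = {}
    for row in csv.DictReader(rows):
        p = float(row["epss"])
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"EPSS out of range for {row['cve']}: {p}")
        scores[row["cve"]] = p
    return scores


def bucket(cvss, epss):
    """Quadrant of severity (CVSS) against likelihood (EPSS)."""
    if epss is None:
        return "review"  # unknown likelihood is not the same as zero
    likely, severe = epss >= EPSS_HIGH, cvss >= CVSS_HIGH
    if likely:
        return "fix-first" if severe else "fix-soon"
    return "scheduled" if severe else "backlog"


def prioritize(findings, scores):
    """Order by likelihood, then severity; findings without a score go last."""
    ranked = [(cve, cvss, scores.get(cve)) for cve, cvss in findings]
    ranked.sort(key=lambda f: (f[2] is not None, f[2] or 0.0, f[1]), reverse=True)
    return [(cve, cvss, epss, bucket(cvss, epss)) for cve, cvss, epss in ranked]


if __name__ == "__main__":
    for row in prioritize(FINDINGS, load_epss(EPSS_CSV)):
        print(row)
```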

#vulnerabilityscoring #vulnerabilityscanning