Saved in:
Bibliographic Details
Main Author: Parla, Rianna
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2411.02618
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866929576486109184
author Parla, Rianna
author_facet Parla, Rianna
contents The Exploit Prediction Scoring System (EPSS) is designed to assess the probability of a vulnerability being exploited in the next 30 days relative to other vulnerabilities. The latest version, based on a research paper published in arXiv, assists defenders in deciding which vulnerabilities to prioritize for remediation. This study evaluates EPSS's ability to predict exploitation before vulnerabilities are actively compromised, focusing on high severity CVEs that are known to have been exploited and included in the CISA KEV catalog. By analyzing EPSS score history, the availability and simplicity of exploits, the system's purpose, its value as a target for Threat Actors (TAs), this paper examines EPSS's potential and identifies areas for improvement.
format Preprint
id arxiv_https___arxiv_org_abs_2411_02618
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Efficacy of EPSS in High Severity CVEs found in KEV
Parla, Rianna
Cryptography and Security
The Exploit Prediction Scoring System (EPSS) is designed to assess the probability of a vulnerability being exploited in the next 30 days relative to other vulnerabilities. The latest version, based on a research paper published in arXiv, assists defenders in deciding which vulnerabilities to prioritize for remediation. This study evaluates EPSS's ability to predict exploitation before vulnerabilities are actively compromised, focusing on high severity CVEs that are known to have been exploited and included in the CISA KEV catalog. By analyzing EPSS score history, the availability and simplicity of exploits, the system's purpose, its value as a target for Threat Actors (TAs), this paper examines EPSS's potential and identifies areas for improvement.
title Efficacy of EPSS in High Severity CVEs found in KEV
topic Cryptography and Security
url https://arxiv.org/abs/2411.02618