Vulnerability Prioritization: An Insider’s Guide to the EPSS Scoring System

Logo
Presented by

Jay Jacobs, EPSS Co-Chair

About this talk

To help break through CVE noise and focus on high-impact, exploitable issues, a growing number of security teams have started to consider additional inputs for prioritizing vulnerabilities. Among them is EPSS (the Exploit Prediction Scoring System), which measures how likely a particular vulnerability is to be exploited in the wild. EPSS scores can be used alongside CVSS scores, reachability analysis, and VEX information to facilitate effective vulnerability prioritization. We’d invite you to join Jay Jacobs — EPSS co-chair and creator — in our upcoming webinar to learn best practices for using EPSS in your organization's vulnerability management program. Topics will include: -Details of the EPSS data model -Benefits of using EPSS -How EPSS differs from other vulnerability scoring systems like CVSS, SSVC, and the new VISS (Vulnerability Impact Scoring System) -Strategies for using EPSS scores alongside other inputs to effectively prioritize vulnerabilities
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (60)
Subscribers (6363)
Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for vulnerability management, license compliance, and code quality across the open source stack. With FOSSA, engineering, security, and legal teams all get complete and continuous risk mitigation for the entire software supply chain, integrated into each of their existing workflows.