Draft:Exploit Prediction Scoring System

Submission declined on 12 April 2025 by AstrooKai (talk). This draft includes a list of general references, but it lacks sufficient corresponding inline citations. Please improve this article by introducing more precise citations. If you would like to continue working on the submission, click on the "Edit" tab at the top of the window. If you have not resolved the issues listed above, your draft will be declined again and potentially deleted. If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors. Please do not remove reviewer comments or this notice until the submission is accepted. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Declined by AstrooKai 53 days ago. Last edited by Saeedabbasi2025 52 days ago. Reviewer: Inform author. Resubmit Please note that if the issues are not fixed, the draft will be declined again.

Submission declined on 12 April 2025 by AstrooKai (talk). This draft includes a list of general references, but it lacks sufficient corresponding inline citations. Please improve this article by introducing more precise citations. If you would like to continue working on the submission, click on the "Edit" tab at the top of the window. If you have not resolved the issues listed above, your draft will be declined again and potentially deleted. If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors. Please do not remove reviewer comments or this notice until the submission is accepted. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Declined by AstrooKai 53 days ago. Last edited by Saeedabbasi2025 52 days ago. Reviewer: Inform author. Resubmit Please note that if the issues are not fixed, the draft will be declined again.

Exploit Prediction Scoring System (EPSS) is an open, data-driven risk metric that estimates the probability a publicly disclosed software vulnerability will be exploited in the wild within the next 30 days.^[1] Managed by the Forum of Incident Response and Security Teams (FIRST), EPSS complements the severity-focused Common Vulnerability Scoring System (CVSS) by prioritizing vulnerabilities according to real-world exploitation likelihood.^[1]

EPSS produces a numerical probability between 0 and 1 (expressed as 0–100%) for every Common Vulnerabilities and Exposures (CVE) identifier listed in the National Vulnerability Database (NVD).^[1] A higher score indicates a greater chance that the vulnerability will be targeted by threat actors during the next month.^[1] Scores are recalculated and published daily as a downloadable data set and through an API.^[2]

The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood that a software vulnerability will be exploited in the wild.^[1] Its goal is to help network defenders prioritize remediation.^[1] EPSS uses current threat information from CVE and real-world exploit data to produce a probability score between 0 and 1 (0–100%).^[3] The higher the score, the greater the probability that a vulnerability will be exploited.^[3]

Version 4 (current) – released 17 March 2025^[1] Version 3 – released 7 March 2023^[4] Major update – 4 February 2022^[4] First public scores – 7 January 2021^[4] EPSS SIG formed at FIRST – April 2020^[1] Original EPSS model presented at Black Hat – 2019^[5]

EPSS publishes scores for all CVEs in a public state.^[2] The EPSS-SIG aims to improve the maturity of data collection and analysis to provide near-real-time assessments of all publicly disclosed vulnerabilities.^[1] This requires partnerships with data providers and infrastructure for a publicly accessible interface to EPSS scores.^[1] Multiple open and commercial datasets are ingested, including data identifying instances of actual exploitation (e.g., intrusion-detection systems, honeypots, network observatories, malware analysis, and other sensor networks).^[3]

Black Hat 2019 – The original concept and prototype were presented by researchers Michael Roytman, Jay Jacobs, and Sasha Romanosky.^[5]

April 2020 – FIRST chartered the EPSS Special Interest Group (SIG) to develop the model collaboratively with industry and academia.^[1]

7 January 2021 – Public publication of daily EPSS scores began (model v1).^[4]

4 February 2022 – Version 2 incorporated additional telemetry sources and algorithmic improvements.^[4]

7 March 2023 – Version 3 introduced gradient-boosted decision trees and expanded feature sets.^[4]

17 March 2025 – Version 4 became the current model, adding contextual threat-intelligence feeds and performance gains.^[1]

EPSS employs supervised machine-learning, currently using gradient-boosted trees, trained on historical exploitation events.^[3] Predictive features include:

CVSS base metrics (attack vector, privileges required, etc.)^[3] Availability of exploit code in public repositories or exploit kits^[3] Mentions in security advisories and social-media telemetry^[3] Presence of the CVE in malware campaigns or botnet traffic^[3] The model is retrained periodically to incorporate new data sources and adversary behavior.^[3] Performance is measured using area under the precision-recall curve (AUPRC) against a ground-truth set of confirmed exploitation incidents.^[3]

EPSS scores are decile-ranked: the top 1% of scores historically accounts for roughly 80% of observed exploitation activity.^[2] FIRST recommends prioritizing remediation for CVEs above the 0.5 probability threshold, though organizations may choose bespoke cut-offs based on risk appetite.^[1]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) encourages network defenders to use EPSS alongside its Known Exploited Vulnerabilities Catalog when triaging patches.^[6] Major vulnerability-management platforms, such as Rapid7, Tenable, and Qualys, integrate EPSS scores to drive risk-based patching workflows.^[5] Academic research has leveraged EPSS to model exploit trends and evaluate proactive defenses.^[7]

While CVSS quantifies the technical severity of a vulnerability, EPSS predicts exploitation likelihood.^[3] Combining EPSS with CVSS can align remediation efforts with actual threat activity.^[8]

Common Vulnerability Scoring System (CVSS) Stakeholder-Specific Vulnerability Categorization (SSVC) National Vulnerability Database (NVD)

Official website