Draft:Exploit Prediction Scoring System

Review waiting, please be patient. This may take 3 months or more, since drafts are reviewed in no specific order. There are 2,834 pending submissions waiting for review. If the submission is accepted, then this page will be moved into the article space. If the submission is declined, then the reason will be posted here. In the meantime, you can continue to improve this submission by editing normally. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Reviewer tools Instructions · What links here · Exploit Prediction Scoring System (talk: + · bio) · (log) · Copyvios report · reFill · Citation Bot · (Search: Google, Wikipedia) · Submitted 41 minutes ago by Saeedabbasi2025 (talk: D · +) · Last edited 5 seconds ago by Citation bot

Submission declined on 14 April 2025 by Asilvering (talk). This draft's references do not show that the subject qualifies for a Wikipedia article. In summary, the draft needs multiple published sources that are: in-depth (not just passing mentions about the subject) reliable secondary independent of the subject Make sure you add references that meet these criteria before resubmitting. Learn about mistakes to avoid when addressing this issue. If no additional references exist, the subject is not suitable for Wikipedia. If you would like to continue working on the submission, click on the "Edit" tab at the top of the window. If you have not resolved the issues listed above, your draft will be declined again and potentially deleted. If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors. Please do not remove reviewer comments or this notice until the submission is accepted. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Declined by Asilvering 13 hours ago. Last edited by Citation bot 5 seconds ago. Reviewer: Inform author. This draft has been resubmitted and is currently awaiting re-review.

Submission declined on 12 April 2025 by AstrooKai (talk). This draft includes a list of general references, but it lacks sufficient corresponding inline citations. Please improve this article by introducing more precise citations. Declined by AstrooKai 2 days ago.

Submission declined on 12 April 2025 by AstrooKai (talk). This draft includes a list of general references, but it lacks sufficient corresponding inline citations. Please improve this article by introducing more precise citations. Declined by AstrooKai 2 days ago.

Exploit Prediction Scoring System (EPSS) is an open, data‐driven risk metric that estimates the probability a publicly disclosed software vulnerability will be exploited in the wild within the next 30 days.^[1] Managed by the Forum of Incident Response and Security Teams (FIRST), EPSS complements the severity‐focused Common Vulnerability Scoring System (CVSS) by prioritizing vulnerabilities according to real‑world exploitation likelihood.^[1]

EPSS produces a numerical probability between 0 and 1 (expressed as 0–100%) for every Common Vulnerabilities and Exposures (CVE) identifier listed in the National Vulnerability Database (NVD).^[1] A higher score indicates a greater chance that the vulnerability will be targeted by threat actors during the next month.^[1] Scores are recalculated and published daily as a downloadable data set and through an API.^[2]

The Exploit Prediction Scoring System (EPSS) is a data‐driven effort for estimating the likelihood that a software vulnerability will be exploited in the wild.^[1] Its goal is to help network defenders prioritize remediation.^[1] EPSS uses current threat information from CVE and real‑world exploit data to produce a probability score between 0 and 1 (0–100%).^[3] The higher the score, the greater the probability that a vulnerability will be exploited.^[3]

Version 4 (current) – released 17 March 2025^[1] Version 3 – released 7 March 2023^[4] Major update – 4 February 2022^[4] First public scores – 7 January 2021^[4] EPSS SIG formed at FIRST – April 2020^[1] Original EPSS model presented at Black Hat – 2019^[5]

EPSS publishes scores for all CVEs in a public state.^[2] The EPSS‐SIG aims to improve the maturity of data collection and analysis to provide near‐real‑time assessments of all publicly disclosed vulnerabilities.^[1] This requires partnerships with data providers and infrastructure for a publicly accessible interface to EPSS scores.^[1] Multiple open and commercial datasets are ingested, including data identifying instances of actual exploitation (e.g., intrusion-detection systems, honeypots, network observatories, malware analysis, and other sensor networks).^[3]

Black Hat 2019 – The original concept and prototype were presented by researchers Michael Roytman, Jay Jacobs, and Sasha Romanosky.^[5]

April 2020 – FIRST chartered the EPSS Special Interest Group (SIG) to develop the model collaboratively with industry and academia.^[1]

7 January 2021 – Public publication of daily EPSS scores began (model v1).^[4]

4 February 2022 – Version 2 incorporated additional telemetry sources and algorithmic improvements.^[4]

7 March 2023 – Version 3 introduced gradient‑boosted decision trees and expanded feature sets.^[4]

17 March 2025 – Version 4 became the current model, adding contextual threat‑intelligence feeds and performance gains.^[1]

EPSS employs supervised machine‑learning, currently using gradient‑boosted trees, trained on historical exploitation events.^[3] Predictive features include:

• CVSS base metrics (attack vector, privileges required, etc.)^[3]
• Availability of exploit code in public repositories or exploit kits^[3]
• Mentions in security advisories and social‑media telemetry^[3]
• Presence of the CVE in malware campaigns or botnet traffic^[3]
• The model is retrained periodically to incorporate new data sources and adversary behavior.^[3]

Performance is measured using area under the precision‑recall curve (AUPRC) against a ground‑truth set of confirmed exploitation incidents.^[3]

EPSS scores are decile‑ranked: the top 1% of scores historically accounts for roughly 80% of observed exploitation activity.^[2] FIRST recommends prioritizing remediation for CVEs above the 0.5 probability threshold, though organizations may choose bespoke cut‑offs based on risk appetite.^[1]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) encourages network defenders to use EPSS alongside its Known Exploited Vulnerabilities Catalog when triaging patches.^[6] Major vulnerability‑management platforms, such as Rapid7, Tenable, and Qualys, integrate EPSS scores to drive risk‑based patching workflows.^[5] Academic research has leveraged EPSS to model exploit trends and evaluate proactive defenses.^[7]

While CVSS quantifies the technical severity of a vulnerability, EPSS predicts exploitation likelihood.^[3] Combining EPSS with CVSS can align remediation efforts with actual threat activity.^[8]

• Common Vulnerability Scoring System (CVSS)
• Stakeholder-Specific Vulnerability Categorization (SSVC)
• National Vulnerability Database (NVD)

Official website

^[9]

^[10]

^[11]

^[12]

^[13]

^[14]

^[15]

^[16]

^[17]

^[4]

^[3]

^[18]

^[19]

^[1]

^[20]

^[21]