For many years, software or hardware vulnerabilities have received a “severity score,” a rating of how much damage the vulnerability could cause if malicious actors exploited it. However, this severity score does not provide defenders with a crucial piece of information – what is the likelihood that vulnerability will be exploited? Given limited resources, network defenders would prioritize patching a moderate severity vulnerability with a high likelihood of exploitation over patching an extremely severe vulnerability with a very low likelihood of exploitation. The Exploit Prediction Scoring System attempts to fill this knowledge gap by providing an estimate of the likelihood that a given vulnerability will be exploited in the near future.
Join Michael Daniel, Sasha Romanosky (RAND Corporation), and Jay Jacobs (Cyentia) as they discuss EPSS and how it can help defenders, researchers, and policy makers in improving cybersecurity across our digital ecosystem.
Author: Cyber Threat Alliance
CTA Webinar – Adapt your defenses: there are enough DDoS attack vectors to fill a Periodic Table
Adversaries constantly innovate and explore new and more powerful DDoS attack methods, called vectors, creating [...]
CTA Webinar – In The Crosshairs – How Geopolitics Can Increase Your DDOS Risk
Disputes relating to politics, religion, and ideology are often at the root of attack campaigns intended to disrupt the online capabilities of governments, companies, communities [...]
CTA Webinar – The NTT Security Holdings 2022 Global Threat Intelligence Report: A year of more sophisticated and substantial threats
Join CTA and NTT Security Holdings as we discuss the trends and insights from NTT’s 2022 Global Threat Intelligence Report. NTT’s Global Threat Intelligence Centre analysed security data across industries and to distil the key trends from attacks, malware, targeted technologies, and the resulting impact on various industries. NTT continues to [...]