A Deep-dive into Exploit Prediction Scoring System (EPSS) — Part 1

Vishal Garg
9 min read · May 16, 2024

In today’s rapidly evolving cyber landscape, vulnerability management — a practice of identifying, prioritising, and remediating known software vulnerabilities — has been a continuous challenge for organisations.

The issue can be attributed to the increasing number of vulnerabilities identified annually, with a 24.3% increase in 2022 and a 15.6% increase in 2023 over previous years. This rise in published vulnerabilities stems from several factors, such as:

  • digital transformation has made software more ubiquitous;
  • the speed of innovation may inadvertently introduce more vulnerabilities; and
  • the growing vigilance of the cybersecurity community has exposed more vulnerabilities.

The issue is exacerbated by the shortage of skilled cybersecurity professionals. With increasing awareness of software vulnerabilities and limited capacity to remediate them, vulnerability prioritisation and remediation have become both chronic and acute concerns for organisations attempting to reduce their attack surface.

On one hand, there is a possibility to remediate all vulnerabilities, providing maximum coverage but at the expense of low efficiency. On the other hand, there is a possibility to remediate certain…
