Exploit Prediction Scoring System (EPSS)

What is Exploit Prediction Scoring System (EPSS)

The Exploit Prediction Scoring System (EPSS) is a framework developed by the United States National Security Agency (NSA) to assess and prioritize software vulnerabilities based on the likelihood that they will be exploited by attackers.

EPSS uses various factors to calculate a score for each vulnerability, such as the complexity of the vulnerability, the level of access required to exploit it, the existence of publicly available exploit code, and the prevalence of the affected software.

The EPSS score can help organizations prioritize which vulnerabilities to patch first, based on the potential impact to their systems and the likelihood of an attack.

EPSS is part of the NSA's broader effort to improve cybersecurity by sharing information and tools with other organizations in the public and private sectors.