amazee.io1d ago

Is your security team drowning in "critical" alerts that aren't actually exploitable?

🌊🧘‍♂️ Most teams treat dependency risk as a periodic task, but our webinar on April 8 shows you how to make it continuous.

We'll explore how #DependencyTrack uses #EPSS and #VEX to filter out the noise and prioritize the 10% of vulnerabilities that actually pose a threat to your production environment.

🔗 https://www.amazee.io/blog/post/live-uncover-hidden-vulnerabilities-with-dependency-track

gvip-project.orgFeb 27

We have scheduled the community meetings for March 2026. This is where you meet fellows working with the same issues, discuss and help us set our priorities for the project.

Register for free here: https://www.gvip-project.org/community/

#CVE #gcve #NVD #EUVD #CWE #CVSS #EPSS

HabrDec 30

Гадание на взломах. Предсказательная сила EPSS

В конце года принято подводить итоги и делать предсказания. Давайте совместим оба ритуала и посмотрим, насколько лучше эксперты СайберОК могли бы контролировать поверхность атак, если бы слепо верили в магию EPSS. Спойлер: контролировали бы не очень.

https://habr.com/ru/articles/981876/

#cve #vulnerability #эксплуатация_уязвимостей #epss #патчменеджмент #easm #киберугрозы

Гадание на взломах. Предсказательная сила EPSS

В конце года принято подводить итоги и делать предсказания. Давайте совместим оба ритуала и посмотрим, насколько лучше эксперты СайберОК могли бы контролировать поверхность атак, если бы слепо верили...

Хабр
secsolutionDec 15
CEI TS 50661:2008 - Guida tecnica per la protezione dei perimetri esterni (EPSS): La CEI TS 50661:2008 e’ una guida tecnica fondamentale per chi si occupa di progettazione, installazione e gestione di sistemi di sicurezza perimetrale esterna (EPSS...
#CIAS #CEITS50661:2008 #Guidatecnicaprotezioneperimetriesterni #EPSS #sicurezzaperimetrale http://dlvr.it/TPqGDT
Stephen ShafferNov 1

#EPSS gives us a lens into global exploit pressure.

But to further understand our vulnerability risk posture, we need to adjust that pressure through the lens of our own controls — and their measured effectiveness.

In my latest blog, I show you how to take EPSS asset-level exploit likelihoods (EPSSg) and update them with #Bayesian inference to reflect control effectiveness.

It’s a simple but powerful way to turn the Swiss cheese model from a metaphor into something measurable — a living model that evolves as new evidence arrives.

#cve #infosec

https://stephenshaffer.io/quantifying-swiss-cheese-the-bayesian-way-b2b512472d85

Giuseppe Di TerlizziSep 11, 2025

EPSS Timeseries Feed - https://github.com/giterlizzi/epss-time-series-feed

It provides a time series feed of the Exploit Prediction Scoring System (EPSS) values for every published CVE.

- EPSS is a key reference for estimating the likelihood of a vulnerability being exploited.
- Scores evolve over time, but accessing their full history isn't straightforward.
- With this repository, you can fetch the complete time series of EPSS scores for any CVE with a single cURL.

#EPSS #CVE #InfoSec

GitHub - giterlizzi/epss-time-series-feed: EPSS time-series feed

EPSS time-series feed. Contribute to giterlizzi/epss-time-series-feed development by creating an account on GitHub.

GitHub
All Things OpenJul 14, 2025

🚀 NEW on We ❤️ Open Source 🚀

Nigel Douglas explains why CVSS scores alone don’t cut it anymore. Learn how EPSS, VEX, SSVC & reachability analysis provide real-world prioritization.

Read more: https://allthingsopen.org/articles/vulnerability-prioritization-beyond-cvss

#WeLoveOpenSource #Cybersecurity #EPSS #OpenSourceSecurity #VulnerabilityManagement #DevSecOps

CodeClarityJul 8, 2025

🚨 Stay Ahead with CodeClarity’s EPSS! 🚨

The Exploit Prediction Scoring System predicts which vulnerabilities are likely to be exploited in the next 30 days. Focus on what matters—patch high-score issues ASAP to keep systems secure.

No guesswork—just data-driven insights to protect your org.

#cybersecurity #EPSS #VulnerabilityManagement #OpenSource #CodeClarity

Finite StateJun 30, 2025

🚨 New Feature: Reachability Analysis is here!

Powered by #EPSS & curated exploit intel, detect which vulns are actually exploitable from potential attack points & cut through the CVE noise.

Learn more 👉https://finitestate.io/request-demo

#VulnerabilityManagement #ExploitIntelligence

Request Demo

Book a demo with Finite State to see how our platform secures your software supply chain with advanced risk detection, binary SCA, SBOMs, & more.

FIRST.orgJun 11, 2025

🌍 In this week's "Improving Security Across Nations with FIRST" video series, we spotlight Jay Jacobs, FIRST EPSS SIG Co-Chair and Chief Data Scientist at Empirical Security.

He shares how predictive models are transforming vulnerability management:

🎯 EPSS evolution - Co-developed the Exploit Prediction Scoring System, now scoring over 271,000 CVEs and integrated by 100+ companies

📊 Predictive intelligence - Created models that estimate exploitation probability over the next 30 days, helping security teams focus remediation efforts where they matter most

🤖 Data-driven approach - Leveraging complex analysis of exploit code, vulnerability attributes, and threat patterns to transform how organizations assess risk

Watch to learn how Jay's pioneering work with FIRST advances global vulnerability prioritization: https://go.first.org/Zqj6Z

#CyberDefense #cybersecurity #EPSS

Improving Security Across Nations with FIRST: Jay Jacobs, FIRST EPSS SIG Co-Chair

YouTube