We have scheduled the community meetings for March 2026. This is where you meet fellows working with the same issues, discuss and help us set our priorities for the project.

Register for free here: https://www.gvip-project.org/community/

#CVE #gcve #NVD #EUVD #CWE #CVSS #EPSS

Гадание на взломах. Предсказательная сила EPSS

В конце года принято подводить итоги и делать предсказания. Давайте совместим оба ритуала и посмотрим, насколько лучше эксперты СайберОК могли бы контролировать поверхность атак, если бы слепо верили в магию EPSS. Спойлер: контролировали бы не очень.

https://habr.com/ru/articles/981876/

#cve #vulnerability #эксплуатация_уязвимостей #epss #патчменеджмент #easm #киберугрозы

#EPSS gives us a lens into global exploit pressure.

But to further understand our vulnerability risk posture, we need to adjust that pressure through the lens of our own controls — and their measured effectiveness.

In my latest blog, I show you how to take EPSS asset-level exploit likelihoods (EPSSg) and update them with #Bayesian inference to reflect control effectiveness.

It’s a simple but powerful way to turn the Swiss cheese model from a metaphor into something measurable — a living model that evolves as new evidence arrives.

#cve #infosec

https://stephenshaffer.io/quantifying-swiss-cheese-the-bayesian-way-b2b512472d85

EPSS Timeseries Feed - https://github.com/giterlizzi/epss-time-series-feed

It provides a time series feed of the Exploit Prediction Scoring System (EPSS) values for every published CVE.

- EPSS is a key reference for estimating the likelihood of a vulnerability being exploited.
- Scores evolve over time, but accessing their full history isn't straightforward.
- With this repository, you can fetch the complete time series of EPSS scores for any CVE with a single cURL.

#EPSS #CVE #InfoSec

🚀 NEW on We ❤️ Open Source 🚀

Nigel Douglas explains why CVSS scores alone don’t cut it anymore. Learn how EPSS, VEX, SSVC & reachability analysis provide real-world prioritization.

Read more: https://allthingsopen.org/articles/vulnerability-prioritization-beyond-cvss

#WeLoveOpenSource #Cybersecurity #EPSS #OpenSourceSecurity #VulnerabilityManagement #DevSecOps

🚨 Stay Ahead with CodeClarity’s EPSS! 🚨

The Exploit Prediction Scoring System predicts which vulnerabilities are likely to be exploited in the next 30 days. Focus on what matters—patch high-score issues ASAP to keep systems secure.

No guesswork—just data-driven insights to protect your org.

#cybersecurity #EPSS #VulnerabilityManagement #OpenSource #CodeClarity

🚨 New Feature: Reachability Analysis is here!

Powered by #EPSS & curated exploit intel, detect which vulns are actually exploitable from potential attack points & cut through the CVE noise.

Learn more 👉https://finitestate.io/request-demo

#VulnerabilityManagement #ExploitIntelligence

🌍 In this week's "Improving Security Across Nations with FIRST" video series, we spotlight Jay Jacobs, FIRST EPSS SIG Co-Chair and Chief Data Scientist at Empirical Security.

He shares how predictive models are transforming vulnerability management:

🎯 EPSS evolution - Co-developed the Exploit Prediction Scoring System, now scoring over 271,000 CVEs and integrated by 100+ companies

📊 Predictive intelligence - Created models that estimate exploitation probability over the next 30 days, helping security teams focus remediation efforts where they matter most

🤖 Data-driven approach - Leveraging complex analysis of exploit code, vulnerability attributes, and threat patterns to transform how organizations assess risk

Watch to learn how Jay's pioneering work with FIRST advances global vulnerability prioritization: https://go.first.org/Zqj6Z

#CyberDefense #cybersecurity #EPSS