EPSS: Data-Driven Vulnerability Remediation presented at SecureWorldTwinCities 2019

by Dr. Ben Edwards

Summary: Keeping up with vulnerability remediation is a universal challenge experienced by every organization. The onslaught of reported and discovered vulnerabilities makes prioritization essential, and the lack of clear feedback makes prioritization tricky. CVSS is the de facto approach to ease the complexities of prioritization, but CVSS has largely gone unmeasured and unchallenged… until now. This talk begins with data on tens of thousands of vulnerabilities and combines billions of real-world exploitation events to both measure the performance of CVSS and to build a data-driven solution for the prioritization of vulnerability remediation efforts, which we call the Exploit Prediction Scoring System (EPSS).