FAQ

For CISOs and SOC teams, EPSS offers objective and dynamic decision support. It lets teams filter the vulnerabilities detected by scanners by their probability of exploitation, which reduces workload and improves the relevance of alerts. EPSS is particularly useful in environments where the volume of CVEs is high and resources are limited.

By integrating EPSS into vulnerability management tools, SIEMs, or security dashboards, CISOs can communicate better with management by prioritizing actions based on real and measurable risk, rather than a simple theoretical score.

#EPSS #CISO #SOC

EPSS scores are updated daily, reflecting the dynamic nature of threats and vulnerability exploitation. At any time, a change in the attack landscape (exploit publication, forum discussion, detection in honeypots) can change the probability that a CVE will be targeted.

This frequent updating makes EPSS a more responsive tool than CVSS, whose scores rarely change once published. To take full advantage of EPSS, it is therefore recommended to integrate automated feeds or APIs to track scores continuously.
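
The following added example (not from the original FAQ or from FIRST) filters scanner findings by EPSS probability and reports CVEs whose score crossed a threshold between two daily feeds. The CSV layout follows FIRST's published daily file; the feed contents, CVE ids, host names and the 0.10 threshold are constructed assumptions.

```python
import csv
import io

# Constructed samples in the layout of FIRST's daily EPSS CSV (a "#" metadata
# line, then cve,epss,percentile). All CVE ids and scores are made up.
EPSS_DAY1 = """#model_version:constructed,score_date:2099-01-01T00:00:00+0000
cve,epss,percentile
CVE-2099-0001,0.00210,0.58000
CVE-2099-0002,0.91000,0.99000
CVE-2099-0003,0.04000,0.91000
"""
EPSS_DAY2 = """#model_version:constructed,score_date:2099-01-02T00:00:00+0000
cve,epss,percentile
CVE-2099-0001,0.35000,0.97000
CVE-2099-0002,0.92000,0.99100
CVE-2099-0003,0.04100,0.91200
"""
# Constructed scanner output: (host, CVE). CVE-2099-0004 has no EPSS score yet.
FINDINGS = [("web01", "CVE-2099-0001"), ("web01", "CVE-2099-0003"),
            ("db01", "CVE-2099-0002"), ("db01", "CVE-2099-0004")]


def load_epss(text):
    """Parse one daily feed into {cve: probability}, skipping '#' metadata lines."""
    rows = (line for line in io.StringIO(text) if not line.startswith("#"))
    return {r["cve"]: float(r["epss"]) for r in csv.DictReader(rows)}


def prioritize(findings, scores, threshold=0.10):
    """Split findings into those at/above the threshold (highest first) and
    those with no score, which need manual triage rather than silent dropping."""
    hits, unscored = [], []
    for host, cve in findings:
        if cve not in scores:
            unscored.append((host, cve))
        elif scores[cve] >= threshold:
            hits.append((host, cve, scores[cve]))
    return sorted(hits, key=lambda h: h[2], reverse=True), unscored


def newly_above(prev, curr, threshold=0.10):
    """CVEs that crossed the threshold since the previous day's feed."""
    return sorted(c for c, s in curr.items()
                  if s >= threshold and prev.get(c, 0.0) < threshold)


if __name__ == "__main__":
    day1, day2 = load_epss(EPSS_DAY1), load_epss(EPSS_DAY2)
    print(prioritize(FINDINGS, day2))
    print(newly_above(day1, day2))
```

Running the comparison against each new daily feed surfaces findings that were below the threshold yesterday, which a one-time scan report would miss.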

#EPSS

The EPSS model is developed and maintained by the FIRST (Forum of Incident Response and Security Teams) community, in collaboration with researchers, data analysts, and cybersecurity professionals. It is an open and collaborative project, with publicly documented methods and regularly updated results.

This model is based on large-scale statistical data and machine learning techniques. It is designed to be transparent, reproducible, and freely accessible, making it a reliable tool suited to the operational needs of security teams, including those outside American or governmental contexts.

#EPSS #FIRST
