The Exploit Prediction Scoring System (EPSS) is a data-driven effort for predicting when software vulnerabilities will be exploited. The goal of this effort is to assist network defenders in better prioritizing vulnerability remediation efforts and defend their networks. While other efforts have been useful for capturing innate characteristics of a vulnerability, and provide measures of severity, they are limited in their practical ability to assess threat. EPSS fills that gap because it uses current threat information, from CVE and real-world exploit data.
Read the full SIG charter at https://www.first.org/global/sigs/epss/