English
Related papers

Related papers: Exploit Prediction Scoring System (EPSS)

200 papers
Enhancing Vulnerability Prioritization: Data-Driven Exploit Predictions with Community-Driven Insights

The number of disclosed vulnerabilities has been steadily increasing over the years. At the same time, organizations face significant challenges patching their systems, leading to a need to prioritize vulnerability remediation in order to…

Cryptography and Security · Computer Science 2023-06-19 Jay Jacobs , Sasha Romanosky , Octavian Suciu , Benjamin Edwards , Armin Sarabi
Efficacy of EPSS in High Severity CVEs found in KEV

The Exploit Prediction Scoring System (EPSS) is designed to assess the probability of a vulnerability being exploited in the next 30 days relative to other vulnerabilities. The latest version, based on a research paper published in arXiv,…

Cryptography and Security · Computer Science 2024-11-06 Rianna Parla
Conflicting Scores, Confusing Signals: An Empirical Study of Vulnerability Scoring Systems

Accurately assessing software vulnerabilities is essential for effective prioritization and remediation. While various scoring systems exist to support this task, their differing goals, methodologies and outputs often lead to inconsistent…

Cryptography and Security · Computer Science 2025-08-20 Viktoria Koscinski , Mark Nelson , Ahmet Okutan , Robert Falso , Mehdi Mirakhorli
Vulnerability Management Chaining: An Integrated Framework for Efficient Cybersecurity Risk Prioritization

As the number of Common Vulnerabilities and Exposures (CVE) continues to grow exponentially, security teams face increasingly difficult decisions about prioritization. Current approaches using Common Vulnerability Scoring System (CVSS)…

Cryptography and Security · Computer Science 2026-03-05 Naoyuki Shimizu , Masaki Hashimoto
Predicting Exploitation of Disclosed Software Vulnerabilities Using Open-source Data

Each year, thousands of software vulnerabilities are discovered and reported to the public. Unpatched known vulnerabilities are a significant security risk. It is imperative that software vendors quickly provide patches once vulnerabilities…

Cryptography and Security · Computer Science 2017-07-26 Benjamin L. Bullough , Anna K. Yanchenko , Christopher L. Smith , Joseph R. Zipkin
Vulnerability Prioritization: An Offensive Security Approach

Organizations struggle to handle sheer number of vulnerabilities in their cloud environments. The de facto methodology used for prioritizing vulnerabilities is to use Common Vulnerability Scoring System (CVSS). However, CVSS has inherent…

Cryptography and Security · Computer Science 2022-06-23 Muhammed Fatih Bulut , Abdulhamid Adebayo , Daby Sow , Steve Ocepek
Bridging the Gap Between Security Metrics and Key Risk Indicators: An Empirical Framework for Vulnerability Prioritization

Organisations overwhelmingly prioritize vulnerability remediation using Common Vulnerability Scoring System (CVSS) severity scores, yet CVSS classifiers achieve an Area Under the Precision-Recall Curve (AUPRC) of 0.011 on real-world…

Cryptography and Security · Computer Science 2026-03-16 Emad Sherif , Iryna Yevseyeva , Vitor Basto-Fernandes , Allan Cook
AEAS: Actionable Exploit Assessment System

Security practitioners face growing challenges in exploit assessment, as public vulnerability repositories are increasingly populated with inconsistent and low-quality exploit artifacts. Existing scoring systems, such as CVSS and EPSS,…

Cryptography and Security · Computer Science 2025-09-23 Xiangmin Shen , Wenyuan Cheng , Yan Chen , Zhenyuan Li , Yuqiao Gu , Lingzhi Wang , Wencheng Zhao , Dawei Sun , Jiashui Wang
SecScore: Enhancing the CVSS Threat Metric Group with Empirical Evidences

Background: Timely prioritising and remediating vulnerabilities are paramount in the dynamic cybersecurity field, and one of the most widely used vulnerability scoring systems (CVSS) does not address the increasing likelihood of emerging an…

Cryptography and Security · Computer Science 2024-05-15 Miguel Santana , Vinicius V. Cogo , Alan Oliveira de Sá
A Historical and Statistical Studyof the Software Vulnerability Landscape

Understanding the landscape of software vulnerabilities is key for developing effective security solutions. Fortunately, the evaluation of vulnerability databases that use a framework for communicating vulnerability attributes and their…

Cryptography and Security · Computer Science 2021-02-04 Assane Gueye , Peter Mell
My Software has a Vulnerability, should I worry?

(U.S) Rule-based policies to mitigate software risk suggest to use the CVSS score to measure the individual vulnerability risk and act accordingly: an HIGH CVSS score according to the NVD (National (U.S.) Vulnerability Database) is…

Cryptography and Security · Computer Science 2015-04-13 Luca Allodi , Fabio Massacci
The Effect of Security Education and Expertise on Security Assessments: the Case of Software Vulnerabilities

In spite of the growing importance of software security and the industry demand for more cyber security expertise in the workforce, the effect of security education and experience on the ability to assess complex software security problems…

Computers and Society · Computer Science 2018-08-21 Luca Allodi , Marco Cremonini , Fabio Massacci , Woohyun Shim
Accuracy of the Epic Sepsis Prediction Model in a Regional Health System

Interest in an electronic health record-based computational model that can accurately predict a patient's risk of sepsis at a given point in time has grown rapidly in the last several years. Like other EHR vendors, the Epic Systems…

Applications · Statistics 2019-02-21 Tellen Bennett , Seth Russell , James King , Lisa Schilling , Chan Voong , Nancy Rogers , Bonnie Adrian , Nicholas Bruce , Debashis Ghosh
Implementing Snort Intrusion Prevention System (IPS) for Network Forensic Analysis

The security trade confidentiality, integrity and availability are the main pillar of the information systems as every organization emphasize of the security. From last few decades, digital data is the main asset for every digital or…

Cryptography and Security · Computer Science 2023-08-29 Kashif Ishaq , Hafiz Ahsan Javed
Effectiveness of Intrusion Prevention Systems (IPS) in Fast Networks

Computer systems are facing biggest threat in the form of malicious data which causing denial of service, information theft, financial and credibility loss etc. No defense technique has been proved successful in handling these threats.…

Cryptography and Security · Computer Science 2010-06-24 Muhammad Imran Shafi , Muhammad Akram , Sikandar Hayat , Imran Sohail
Measuring the Sensitivity of Classification Models with the Error Sensitivity Profile

The quality of training data is critical to the performance of machine learning models. In this paper, the Error Sensitivity Profile (ESP) is proposed. It quantifies the sensitivity of model performance to errors in a single feature or in…

Machine Learning · Computer Science 2026-04-29 Andrea Maurino
Common Vulnerability Scoring System Prediction based on Open Source Intelligence Information Sources

The number of newly published vulnerabilities is constantly increasing. Until now, the information available when a new vulnerability is published is manually assessed by experts using a Common Vulnerability Scoring System (CVSS) vector and…

Cryptography and Security · Computer Science 2022-10-06 Philipp Kuehn , David N. Relke , Christian Reuter
Difficult Lessons on Social Prediction from Wisconsin Public Schools

Early warning systems (EWS) are predictive tools at the center of recent efforts to improve graduation rates in public schools across the United States. These systems assist in targeting interventions to individual students by predicting…

Computers and Society · Computer Science 2023-09-19 Juan C. Perdomo , Tolani Britton , Moritz Hardt , Rediet Abebe
Automatically Assessing Vulnerabilities Discovered by Compositional Analysis

Testing is the most widely employed method to find vulnerabilities in real-world software programs. Compositional analysis, based on symbolic execution, is an automated testing method to find vulnerabilities in medium- to large-scale…

Software Engineering · Computer Science 2018-07-25 Saahil Ognawala , Ricardo Nales Amato , Alexander Pretschner , Pooja Kulkarni
A Relevance Model for Threat-Centric Ranking of Cybersecurity Vulnerabilities

The relentless process of tracking and remediating vulnerabilities is a top concern for cybersecurity professionals. The key challenge is trying to identify a remediation scheme specific to in-house, organizational objectives. Without a…

Cryptography and Security · Computer Science 2024-06-11 Corren McCoy , Ross Gore , Michael L. Nelson , Michele C. Weigle
‹ Prev 1 2 3 10 Next ›