"New Vulnerability Risk Model Promises More-Efficient Security"

Michael Roytman, chief data scientist at Kenna Security, and Jay Jacobs, a security data scientist at the Cyentia Institute, gave a presentation at the 2019 Black Hat security conference in which they discussed a Predictive Vulnerability Scoring System. They further highlighted the challenge of prioritizing vulnerabilities. Organizations must be able to identify the vulnerabilities that pose the greatest risk to their most critical systems. Roytman and Jacobs have developed a methodology, called the Exploit Prediction System (EPSS), which improves upon remediation prioritization by using different factors such as the CVE, CVSS score, exploits in the wild, and more, to predict whether a vulnerability has a high chance of being exploited or not. This article continues to discuss the difficultly in managing vulnerabilities and how the Exploit Prediction Scoring System (EPSS) improves this management. 

Dark Reading reports "New Vulnerability Risk Model Promises More-Efficient Security"