"EPSS Vulnerability Scores Can Help Focus on Key Patches, Says Study"

According to a study by Rezilion, the new Machine Learning (ML)-based Exploit Prediction Scoring System (EPSS) can help overcome the limitations of existing vulnerability tracking systems. Researchers at Rezilion say that the leading vulnerability tracking systems, such as the Common Vulnerability Scoring System (CVSS) and the catalog of Known Exploited Vulnerabilities (KEV) maintained by the US Cybersecurity and Infrastructure Security Agency (CISA), do not effectively predict the severity and exploitability of a vulnerability. The study says that relying solely on a CVSS severity score to evaluate the risk of individual vulnerabilities is equivalent to randomly selecting vulnerabilities for remediation. This article continues to discuss points and findings from Rezilion's study regarding EPSS and issues with CVSS and KEV. 

CSO Online reports "EPSS Vulnerability Scores Can Help Focus on Key Patches, Says Study"


 
