Exploit Prediction Scoring System, EPSS, FAQ

Who assigns EPSS scores?
CVEdetails.com utilizes EPSS scores provided by FIRST. Please see https://www.first.org/epss/ for more information.
How often do you update EPSS scores?
EPSS scores are downloaded from https://www.first.org/epss/data_stats and processed every day. A new EPSS score history record is created when the EPSS score for a CVE changes with respect to the previous day. Changes in percentiles are ignored as they change everyday, because a change in a single EPSS score affects every other EPSS percentile.
Why are EPSS scores different from the ones published on First website?
EPSS scoring model produces a probability score between 0 and 1. The higher the score, the greater the probability that a vulnerability will be exploited.
CVEdetails.com converts scores between 0 to 1 to percentage values between 0 and 100 for your convenience, as they are easier to read than 5 digit decimals. We also round EPSS scores to two decimal places.
This web site uses cookies for managing your session and website analytics (Google analytics) purposes as described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!