Exploit Prediction Scoring System, EPSS, FAQ
- Who assigns EPSS scores?
- CVEdetails.com utilizes EPSS scores provided by FIRST. Please see https://www.first.org/epss/ for more information.
- How often do you update EPSS scores?
- EPSS scores are downloaded from https://www.first.org/epss/data_stats and processed every day. A new EPSS score history record is created when the EPSS score for a CVE changes with respect to the previous day. Changes in percentiles are ignored as they change everyday, because a change in a single EPSS score affects every other EPSS percentile.
- Why are EPSS scores different from the ones published on First website?
EPSS scoring model produces a probability score between 0 and 1.
The higher the score, the greater the probability that a vulnerability will be exploited.
CVEdetails.com converts scores between 0 to 1 to percentage values between 0 and 100 for your convenience, as they are easier to read than 5 digit decimals. We also round EPSS scores to two decimal places.