
EPSS

Exploit Prediction Scoring System

Definition

EPSS is a data-driven model that estimates the probability a given CVE will be exploited in the wild within the next 30 days. Published daily by FIRST, EPSS scores help security teams prioritize remediation beyond CVSS severity alone — a high-CVSS vulnerability with low EPSS may be less urgent than a medium-CVSS one actively being exploited.

EPSS complements KEV for prioritization.
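The ordering described above, as an added example that is not part of the original page: findings are ranked first by KEV membership, then by EPSS, with CVSS only as a tie-breaker, and compared with a CVSS-only ranking. The CVE identifiers and scores are constructed placeholders, and the 0.10 EPSS cut-off is an assumed local policy value, not a FIRST recommendation.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    cve: str       # placeholder identifier (constructed)
    cvss: float    # CVSS base score, 0.0-10.0
    epss: float    # EPSS probability of exploitation in the next 30 days, 0.0-1.0
    in_kev: bool   # True if the CVE appears in the KEV list

    def __post_init__(self):
        # Reject percentages passed as probabilities (e.g. 87 instead of 0.87).
        if not 0.0 <= self.epss <= 1.0:
            raise ValueError(f"{self.cve}: EPSS must be a probability in [0, 1]")
        if not 0.0 <= self.cvss <= 10.0:
            raise ValueError(f"{self.cve}: CVSS must be in [0, 10]")

# Assumption: local policy cut-off for "likely to be exploited".
EPSS_THRESHOLD = 0.10

# Constructed sample data.
FINDINGS = [
    Finding("CVE-EXAMPLE-A", cvss=9.8, epss=0.002, in_kev=False),
    Finding("CVE-EXAMPLE-B", cvss=6.5, epss=0.870, in_kev=False),
    Finding("CVE-EXAMPLE-C", cvss=7.5, epss=0.040, in_kev=True),
    Finding("CVE-EXAMPLE-D", cvss=5.3, epss=0.001, in_kev=False),
]

def rank_by_cvss(findings):
    """Severity-only ordering: highest CVSS first."""
    return [f.cve for f in sorted(findings, key=lambda f: -f.cvss)]

def rank_by_exploitation(findings, threshold=EPSS_THRESHOLD):
    """KEV entries first, then EPSS at or above the threshold, then the rest.
    Within a tier, higher EPSS wins and CVSS breaks ties."""
    def key(f):
        tier = 0 if f.in_kev else 1 if f.epss >= threshold else 2
        return (tier, -f.epss, -f.cvss)
    return [f.cve for f in sorted(findings, key=key)]

if __name__ == "__main__":
    print("CVSS only:     ", rank_by_cvss(FINDINGS))
    print("KEV, then EPSS:", rank_by_exploitation(FINDINGS))
```

The critical-severity finding A drops from first to third because nothing indicates it is being exploited, while the medium-severity finding B moves ahead of it on EPSS alone.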

