Exploitable Vulnerabilities

soos integrates with first org and cisa to pull in exploitable vulnerability data first org the https //www first org/epss/ is a measure of the probability that a vulnerability will be exploited soos uses epss to highlight exploitable cves in your sca, sbom, and container scans by displaying an indicator badge, as seen above identifying epss cves allows teams to more efficiently prioritize mitigation efforts epss score represents the likelihood of the vulnerability being exploited within the next 30 days epss percentile represents the percentage of all ranked cves that are scored lower than the given cve cisa kev the cisa https //www cisa gov/known exploited vulnerabilities catalog is a list of vulnerabilities that are known to cisa to be exploitable soos uses the presence of a kev entry to highlight exploitable cves in your sca, sbom, and container scans by displaying an indicator badge, as seen above identifying cves in the kev catalog allows teams to more efficiently prioritize mitigation efforts exploitable vulnerabilities in soos research pages the docid\ laojje8flnuj0k4onkru0 pages will indicate any exploitability details that are known