The Exploit Prediction Scoring System (EPSS) is a measure of the probability that a vulnerability will be exploited. SOOS uses EPSS to highlight exploitable CVEs in your SCA scans by displaying an indicator badge, as seen below. Identifying exploitable CVEs allows development teams to prioritize mitigation efforts more efficiently.

SOOS UI exploitability icon on issue detail view

Click the Research chip to access the SOOS research page for the CVE and view the Exploitability section displaying the EPSS score.

  • EPSS Score represents the likelihood of the vulnerability being exploited within the next 30 days.
  • EPSS Percentile represents the percentage of all ranked CVEs that are scored lower than the given CVE.
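
How the two numbers relate, as an added example (not SOOS code): the percentile is computed from the definition above over a constructed set of scores, then scan findings are ordered for triage. The function names, the CVE placeholders, the sample scores and the 0.1 review threshold are all assumptions made for illustration.

```python
from bisect import bisect_left

# Constructed population of EPSS scores for all ranked CVEs (not real data).
# Most values are very small, so a low score can still rank high.
POPULATION = [0.0004, 0.0005, 0.0009, 0.001, 0.002,
              0.004, 0.01, 0.03, 0.12, 0.94]

# Constructed scan findings: (placeholder CVE id, EPSS score).
FINDINGS = [
    ("CVE-EXAMPLE-A", 0.03),
    ("CVE-EXAMPLE-B", 0.94),
    ("CVE-EXAMPLE-C", 0.001),
]


def epss_percentile(score, population):
    """Fraction of ranked CVEs whose score is strictly lower than `score`."""
    if not population:
        raise ValueError("population of scores must not be empty")
    ranked = sorted(population)
    # bisect_left counts the entries strictly below `score`, so ties
    # are not counted as "scored lower".
    return bisect_left(ranked, score) / len(ranked)


def prioritize(findings, population, review_threshold=0.1):
    """Order findings by EPSS score, highest first, and attach the percentile.

    review_threshold is a hypothetical cut-off chosen for this example;
    it is not a value defined by EPSS or by SOOS.
    """
    rows = []
    for cve, score in findings:
        if not 0.0 <= score <= 1.0:
            raise ValueError(f"{cve}: EPSS score must be a probability")
        rows.append({
            "cve": cve,
            "score": score,
            "percentile": epss_percentile(score, population),
            "review_first": score >= review_threshold,
        })
    return sorted(rows, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for row in prioritize(FINDINGS, POPULATION):
        print(f'{row["cve"]}: score={row["score"]:.4f} '
              f'percentile={row["percentile"]:.0%} '
              f'review_first={row["review_first"]}')
```

In this sample, a finding with a score of 0.03 sits at the 70th percentile: the score is the exploitation probability itself, while the percentile only says how the CVE ranks against the others.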

SOOS vulnerability research page Exploitability information

 

Have you heard about a newly identified exploitable vulnerability in the news?  Use the SOOS Security Dashboard to search for the corresponding CVE across all your projects to determine if you are at risk.