Exploitable Vulnerabilities

soos integrates with first org and cisa to pull in exploitable vulnerability data first org the exploit prediction scoring system (epss) is a measure of the probability that a vulnerability will be exploited soos uses epss to highlight exploitable cves in your sca, sbom, and container scans by displaying an indicator badge, as seen above identifying epss cves allows teams to more efficiently prioritize mitigation efforts epss score represents the likelihood of the vulnerability being exploited within the next 30 days epss percentile represents the percentage of all ranked cves that are scored lower than the given cve cisa kev the cisa known exploitability vulnerabilities catalog (kev) is a list of vulnerabilities that are know to cisa to be exploitable soos uses the presence of a kev entry to highlight exploitable cves in your sca, sbom, and container scans by displaying an indicator badge, as seen above identifying cves in the kev catalog allows teams to more efficiently prioritize mitigation efforts exploitable vulnerabilities in soos research pages the soos vulnerability research docid\ laojje8flnuj0k4onkru0 pages will indicate any exploitability details that are known