Cybersecurity Researcher, Entrepreneur, Professor. Follow me for FUD-free, data-filled analysis of infosec trends and challenges.
ICYMI: The inaugural study on EPSS performance and broader vulnerability exploitation trends published this week. If you've ever wanted data-driven answers to questions like these listed in the ToC shown here, download it today (free, no registration req'd): https://lnkd.in/gBbsgwQM #vulnerabilitymanagement #vulnerabilities #infosec
Jose M Seara
4mo
Great report. Wade, any additional analysis or on-going effort on how EPSS and CVSS correlate with dollars at risk, once other considerations such as cybersecurity controls are added into the equation?
Thank you for this amazing resource! Apart from the obvious value of EPSS, the Coverage / Effort / Efficiency vertices are super-useful for developing strategy. That's why we published the free tool here, so you can develop graphs like Jay Jacobs below, but using your own list of CVEs from scans of your own environment, and your own preferred list of known exploited vulnerabilities, to model out different strategies for patching in your org... https://wicusross.github.io/
Jane G.
4mo
The figures are especially useful Wade. Thanks to you and your team.
Great to be a part of this research Wade Baker, Ph.D. Our customers are definitely seeing the value of an exploitation scoring method in addition to CVSS.