You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: epss/LEV/index.html
+10-2Lines changed: 10 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -1995,7 +1995,7 @@ <h1 id="introduction-to-lev">Introduction to LEV<a class="headerlink" href="#int
1995
1995
<li>why it matters for day-to-day prioritization </li>
1996
1996
<li>how to apply it alongside <abbrtitle="Exploit Prediction Scoring System">EPSS</abbr> and <abbrtitle="Known Exploited Vulnerability">KEV</abbr></li>
1997
1997
</ul>
1998
-
<p><imgalt="🧑💻" class="twemoji" src="https://cdn.jsdelivr.net/gh/jdecked/twemoji@15.0.3/assets/svg/1f9d1-200d-1f4bb.svg" title=":technologist:" />[Source Code] will be provided for LEV. Instead of making invalid assumptions to optimize the computation for LEV2 (handling "<abbrtitle="Exploit Prediction Scoring System">EPSS</abbr> scores as covering only a single day by dividing them by 30": <spanclass="arithmatex">\(P_1 \approx P_{30}/30\)</span>), it will use the correct algorithm but optimize with concurrent processing.</p>
1998
+
<p><imgalt="🧑💻" class="twemoji" src="https://cdn.jsdelivr.net/gh/jdecked/twemoji@15.0.3/assets/svg/1f9d1-200d-1f4bb.svg" title=":technologist:" /><ahref="https://github.com/RiskBasedPrioritization/LEV/">Source Code</a> is a clean-room implementation of the LEV source code i.e. from the whitepaper only. It is not associated with the LEV paper authors.</p>
1999
1999
</div>
2000
2000
<h2id="what-is-lev">What is LEV?<aclass="headerlink" href="#what-is-lev" title="Permanent link">¶</a></h2>
2001
2001
<p><strong>Likely Exploited Vulnerabilities (LEV) is a probabilistic score proposed by NIST to estimate the chance that a published vulnerability (<abbrtitle="CVE Common Vulnerability and Exposures. A standardized list of publicly known vulnerabilities and exposures maintained by the MITRE Corporation.">CVE</abbr>) has already been exploited in the wild</strong>. </p>
<p>LEV handles <abbrtitle="Exploit Prediction Scoring System">EPSS</abbr> scores as covering only a single day by dividing them by 30: <spanclass="arithmatex">\(P_1 \approx P_{30}/30\)</span></p>
2178
2178
<p>Dividing a 30-day probability by 30 to get a 1-day probability generally <strong>does not make sense</strong> in a rigorous probabilistic context.</p>
2179
+
<p>An example run of the code from <abbrtitle="Exploit Prediction Scoring System">EPSS</abbr> to 2023-3-7 to 2025-5-31 showed that this approximation resulted in +674 vulnerabilities (+1.57%) less than the rigorous approach.</p>
<li>why it matters for day-to-day prioritization </li>
4599
4599
<li>how to apply it alongside <abbr title="Exploit Prediction Scoring System">EPSS</abbr> and <abbr title="Known Exploited Vulnerability">KEV</abbr> </li>
4600
4600
</ul>
4601
-
<p><img alt="🧑💻" class="twemoji" src="https://cdn.jsdelivr.net/gh/jdecked/twemoji@15.0.3/assets/svg/1f9d1-200d-1f4bb.svg" title=":technologist:" /> [Source Code] will be provided for LEV. Instead of making invalid assumptions to optimize the computation for LEV2 (handling "<abbr title="Exploit Prediction Scoring System">EPSS</abbr> scores as covering only a single day by dividing them by 30": <span class="arithmatex">\(P_1 \approx P_{30}/30\)</span>), it will use the correct algorithm but optimize with concurrent processing.</p>
4601
+
<p><img alt="🧑💻" class="twemoji" src="https://cdn.jsdelivr.net/gh/jdecked/twemoji@15.0.3/assets/svg/1f9d1-200d-1f4bb.svg" title=":technologist:" /> <a href="https://github.com/RiskBasedPrioritization/LEV/">Source Code</a> is a clean-room implementation of the LEV source code i.e. from the whitepaper only. It is not associated with the LEV paper authors.</p>
4602
4602
</div>
4603
4603
<h2 id="epss-lev-what-is-lev">What is LEV?<a class="headerlink" href="#epss-lev-what-is-lev" title="Permanent link">¶</a></h2>
4604
4604
<p><strong>Likely Exploited Vulnerabilities (LEV) is a probabilistic score proposed by NIST to estimate the chance that a published vulnerability (<abbr title="CVE Common Vulnerability and Exposures. A standardized list of publicly known vulnerabilities and exposures maintained by the MITRE Corporation.">CVE</abbr>) has already been exploited in the wild</strong>. </p>
@@ -4779,8 +4779,9 @@ <h3 id="epss-lev-lev2-approximation">LEV2 Approximation<a class="headerlink" hre
4779
4779
</div>
4780
4780
<p>LEV handles <abbr title="Exploit Prediction Scoring System">EPSS</abbr> scores as covering only a single day by dividing them by 30: <span class="arithmatex">\(P_1 \approx P_{30}/30\)</span></p>
4781
4781
<p>Dividing a 30-day probability by 30 to get a 1-day probability generally <strong>does not make sense</strong> in a rigorous probabilistic context.</p>
4782
+
<p>An example run of the code from <abbr title="Exploit Prediction Scoring System">EPSS</abbr> to 2023-3-7 to 2025-5-31 showed that this approximation resulted in +674 vulnerabilities (+1.57%) less than the rigorous approach.</p>
0 commit comments