Skip to content

Commit 7403f4d

Browse files
CrashedmindCrashedmind
committed
Deployed 67666e4 with MkDocs version: 1.5.3
1 parent 132b13a commit 7403f4d

File tree

6 files changed

+68
-38
lines changed

6 files changed

+68
-38
lines changed

assets/images/EPSS_threshold_emoji.png

14.1 KB
Loading

epss/Applying_EPSS_to_your_environment/index.html

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1556,6 +1556,21 @@ <h1 id="applying-epss-to-your-environment">Applying <abbr title="Exploit Predict
15561556
<li>Types of CVEs that <abbr title="Exploit Prediction Scoring System">EPSS</abbr> works best for</li>
15571557
</ul>
15581558
</div>
1559+
<div class="admonition tip">
1560+
<p class="admonition-title"><abbr title="Exploit Prediction Scoring System">EPSS</abbr> is only available for published CVEs</p>
1561+
<p><a href="https://riskbasedprioritization.github.io/epss/Introduction_to_EPSS/#what-is-epss"><abbr title="Exploit Prediction Scoring System">EPSS</abbr> produces probability scores for all known published CVEs</a> based on current exploitation ability, and updates these scores daily.</p>
1562+
<p>This has the following repercussions:</p>
1563+
<ol>
1564+
<li><strong>Timeliness</strong>: It will not be available for vulnerabilities exploited before they have an associated <abbr title="CVE Common Vulnerability and Exposures. A standardized list of publicly known vulnerabilities and exposures maintained by the MITRE Corporation.">CVE</abbr> (a process that can sometimes take weeks). <ol>
1565+
<li><a href="https://riskbasedprioritization.github.io/risk/Understanding_Risk/?h=zero#zero-days">Zero days don't have a <abbr title="CVE Common Vulnerability and Exposures. A standardized list of publicly known vulnerabilities and exposures maintained by the MITRE Corporation.">CVE</abbr> ID</a> </li>
1566+
</ol>
1567+
</li>
1568+
<li><strong>Coverage</strong>:<ol>
1569+
<li>Vulnerabilities without a <abbr title="CVE Common Vulnerability and Exposures. A standardized list of publicly known vulnerabilities and exposures maintained by the MITRE Corporation.">CVE</abbr> ID or which are listed on other <a href="../../risk/Data_Sources/">Other Vulnerability Data Sources</a> will not receive an <abbr title="Exploit Prediction Scoring System">EPSS</abbr> score.</li>
1570+
</ol>
1571+
</li>
1572+
</ol>
1573+
</div>
15591574
<h2 id="epss-for-your-environment"><abbr title="Exploit Prediction Scoring System">EPSS</abbr> for YOUR Environment<a class="headerlink" href="#epss-for-your-environment" title="Permanent link">&para;</a></h2>
15601575
<p>The <a href="https://www.first.org/epss/model"><abbr title="Exploit Prediction Scoring System">EPSS</abbr> Model</a> ground truth and validation is based on exploitation observations from
15611576
network- or host-layer intrusion detection/prevention systems (IDS/IPS),

print_page/index.html

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3392,6 +3392,21 @@ <h2 id="epss-introduction_to_epss-count-of-cves-at-or-above-epss-score">Count of
33923392
<li>Types of CVEs that <abbr title="Exploit Prediction Scoring System">EPSS</abbr> works best for</li>
33933393
</ul>
33943394
</div>
3395+
<div class="admonition tip">
3396+
<p class="admonition-title"><abbr title="Exploit Prediction Scoring System">EPSS</abbr> is only available for published CVEs</p>
3397+
<p><a href="https://riskbasedprioritization.github.io/epss/Introduction_to_EPSS/#what-is-epss"><abbr title="Exploit Prediction Scoring System">EPSS</abbr> produces probability scores for all known published CVEs</a> based on current exploitation ability, and updates these scores daily.</p>
3398+
<p>This has the following repercussions:</p>
3399+
<ol>
3400+
<li><strong>Timeliness</strong>: It will not be available for vulnerabilities exploited before they have an associated <abbr title="CVE Common Vulnerability and Exposures. A standardized list of publicly known vulnerabilities and exposures maintained by the MITRE Corporation.">CVE</abbr> (a process that can sometimes take weeks). <ol>
3401+
<li><a href="https://riskbasedprioritization.github.io/risk/Understanding_Risk/?h=zero#zero-days">Zero days don't have a <abbr title="CVE Common Vulnerability and Exposures. A standardized list of publicly known vulnerabilities and exposures maintained by the MITRE Corporation.">CVE</abbr> ID</a> </li>
3402+
</ol>
3403+
</li>
3404+
<li><strong>Coverage</strong>:<ol>
3405+
<li>Vulnerabilities without a <abbr title="CVE Common Vulnerability and Exposures. A standardized list of publicly known vulnerabilities and exposures maintained by the MITRE Corporation.">CVE</abbr> ID or which are listed on other <a href="#risk-data_sources">Other Vulnerability Data Sources</a> will not receive an <abbr title="Exploit Prediction Scoring System">EPSS</abbr> score.</li>
3406+
</ol>
3407+
</li>
3408+
</ol>
3409+
</div>
33953410
<h2 id="epss-applying_epss_to_your_environment-epss-for-your-environment"><abbr title="Exploit Prediction Scoring System">EPSS</abbr> for YOUR Environment<a class="headerlink" href="#epss-applying_epss_to_your_environment-epss-for-your-environment" title="Permanent link">&para;</a></h2>
33963411
<p>The <a href="https://www.first.org/epss/model"><abbr title="Exploit Prediction Scoring System">EPSS</abbr> Model</a> ground truth and validation is based on exploitation observations from
33973412
network- or host-layer intrusion detection/prevention systems (IDS/IPS),

search/search_index.json

Lines changed: 1 addition & 1 deletion
Large diffs are not rendered by default.

sitemap.xml

Lines changed: 37 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -2,187 +2,187 @@
22
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
33
<url>
44
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/</loc>
5-
<lastmod>2024-03-17</lastmod>
5+
<lastmod>2024-03-22</lastmod>
66
<changefreq>daily</changefreq>
77
</url>
88
<url>
99
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/annex/Glossary/</loc>
10-
<lastmod>2024-03-17</lastmod>
10+
<lastmod>2024-03-22</lastmod>
1111
<changefreq>daily</changefreq>
1212
</url>
1313
<url>
1414
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/cisa_kev/cisa_kev/</loc>
15-
<lastmod>2024-03-17</lastmod>
15+
<lastmod>2024-03-22</lastmod>
1616
<changefreq>daily</changefreq>
1717
</url>
1818
<url>
1919
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/cvss/CVSS/</loc>
20-
<lastmod>2024-03-17</lastmod>
20+
<lastmod>2024-03-22</lastmod>
2121
<changefreq>daily</changefreq>
2222
</url>
2323
<url>
2424
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/epss/Applying_EPSS_to_your_environment/</loc>
25-
<lastmod>2024-03-17</lastmod>
25+
<lastmod>2024-03-22</lastmod>
2626
<changefreq>daily</changefreq>
2727
</url>
2828
<url>
2929
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/epss/EPSS_Thresholds/</loc>
30-
<lastmod>2024-03-17</lastmod>
30+
<lastmod>2024-03-22</lastmod>
3131
<changefreq>daily</changefreq>
3232
</url>
3333
<url>
3434
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/epss/EPSS_and_CISA_KEV/</loc>
35-
<lastmod>2024-03-17</lastmod>
35+
<lastmod>2024-03-22</lastmod>
3636
<changefreq>daily</changefreq>
3737
</url>
3838
<url>
3939
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/epss/Introduction_to_EPSS/</loc>
40-
<lastmod>2024-03-17</lastmod>
40+
<lastmod>2024-03-22</lastmod>
4141
<changefreq>daily</changefreq>
4242
</url>
4343
<url>
4444
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/epss/What_users_ask_for/</loc>
45-
<lastmod>2024-03-17</lastmod>
45+
<lastmod>2024-03-22</lastmod>
4646
<changefreq>daily</changefreq>
4747
</url>
4848
<url>
4949
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/includes/abbreviations/</loc>
50-
<lastmod>2024-03-17</lastmod>
50+
<lastmod>2024-03-22</lastmod>
5151
<changefreq>daily</changefreq>
5252
</url>
5353
<url>
5454
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/includes/epss_threshold/</loc>
55-
<lastmod>2024-03-17</lastmod>
55+
<lastmod>2024-03-22</lastmod>
5656
<changefreq>daily</changefreq>
5757
</url>
5858
<url>
5959
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/includes/plots_cvss_epss/</loc>
60-
<lastmod>2024-03-17</lastmod>
60+
<lastmod>2024-03-22</lastmod>
6161
<changefreq>daily</changefreq>
6262
</url>
6363
<url>
6464
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/includes/vendor_warning/</loc>
65-
<lastmod>2024-03-17</lastmod>
65+
<lastmod>2024-03-22</lastmod>
6666
<changefreq>daily</changefreq>
6767
</url>
6868
<url>
6969
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/includes/vulns_exploited/</loc>
70-
<lastmod>2024-03-17</lastmod>
70+
<lastmod>2024-03-22</lastmod>
7171
<changefreq>daily</changefreq>
7272
</url>
7373
<url>
7474
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/introduction/Introduction/</loc>
75-
<lastmod>2024-03-17</lastmod>
75+
<lastmod>2024-03-22</lastmod>
7676
<changefreq>daily</changefreq>
7777
</url>
7878
<url>
7979
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/introduction/Scope/</loc>
80-
<lastmod>2024-03-17</lastmod>
80+
<lastmod>2024-03-22</lastmod>
8181
<changefreq>daily</changefreq>
8282
</url>
8383
<url>
8484
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/introduction/code_and_data/</loc>
85-
<lastmod>2024-03-17</lastmod>
85+
<lastmod>2024-03-22</lastmod>
8686
<changefreq>daily</changefreq>
8787
</url>
8888
<url>
8989
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/introduction/contributors/</loc>
90-
<lastmod>2024-03-17</lastmod>
90+
<lastmod>2024-03-22</lastmod>
9191
<changefreq>daily</changefreq>
9292
</url>
9393
<url>
9494
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/introduction/foreword/</loc>
95-
<lastmod>2024-03-17</lastmod>
95+
<lastmod>2024-03-22</lastmod>
9696
<changefreq>daily</changefreq>
9797
</url>
9898
<url>
9999
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/introduction/preface/</loc>
100-
<lastmod>2024-03-17</lastmod>
100+
<lastmod>2024-03-22</lastmod>
101101
<changefreq>daily</changefreq>
102102
</url>
103103
<url>
104104
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/organizations/Yahoo/</loc>
105-
<lastmod>2024-03-17</lastmod>
105+
<lastmod>2024-03-22</lastmod>
106106
<changefreq>daily</changefreq>
107107
</url>
108108
<url>
109109
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/organizations/acme/Applied/</loc>
110-
<lastmod>2024-03-17</lastmod>
110+
<lastmod>2024-03-22</lastmod>
111111
<changefreq>daily</changefreq>
112112
</url>
113113
<url>
114114
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/requirements/Requirements/</loc>
115-
<lastmod>2024-03-17</lastmod>
115+
<lastmod>2024-03-22</lastmod>
116116
<changefreq>daily</changefreq>
117117
</url>
118118
<url>
119119
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Back_of_napkin/</loc>
120-
<lastmod>2024-03-17</lastmod>
120+
<lastmod>2024-03-22</lastmod>
121121
<changefreq>daily</changefreq>
122122
</url>
123123
<url>
124124
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Data_Sources/</loc>
125-
<lastmod>2024-03-17</lastmod>
125+
<lastmod>2024-03-22</lastmod>
126126
<changefreq>daily</changefreq>
127127
</url>
128128
<url>
129129
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Log4Shell/</loc>
130-
<lastmod>2024-03-17</lastmod>
130+
<lastmod>2024-03-22</lastmod>
131131
<changefreq>daily</changefreq>
132132
</url>
133133
<url>
134134
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Rbp_schemes/</loc>
135-
<lastmod>2024-03-17</lastmod>
135+
<lastmod>2024-03-22</lastmod>
136136
<changefreq>daily</changefreq>
137137
</url>
138138
<url>
139139
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Takeaway/</loc>
140-
<lastmod>2024-03-17</lastmod>
140+
<lastmod>2024-03-22</lastmod>
141141
<changefreq>daily</changefreq>
142142
</url>
143143
<url>
144144
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Understanding_Risk/</loc>
145-
<lastmod>2024-03-17</lastmod>
145+
<lastmod>2024-03-22</lastmod>
146146
<changefreq>daily</changefreq>
147147
</url>
148148
<url>
149149
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/risk/Vulnerability_Landscape/</loc>
150-
<lastmod>2024-03-17</lastmod>
150+
<lastmod>2024-03-22</lastmod>
151151
<changefreq>daily</changefreq>
152152
</url>
153153
<url>
154154
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/ssvc/SSVC/</loc>
155-
<lastmod>2024-03-17</lastmod>
155+
<lastmod>2024-03-22</lastmod>
156156
<changefreq>daily</changefreq>
157157
</url>
158158
<url>
159159
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/ssvc/decision_trees/</loc>
160-
<lastmod>2024-03-17</lastmod>
160+
<lastmod>2024-03-22</lastmod>
161161
<changefreq>daily</changefreq>
162162
</url>
163163
<url>
164164
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/ssvc/decision_trees_from_scratch/</loc>
165-
<lastmod>2024-03-17</lastmod>
165+
<lastmod>2024-03-22</lastmod>
166166
<changefreq>daily</changefreq>
167167
</url>
168168
<url>
169169
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/vendors/Edgescan/</loc>
170-
<lastmod>2024-03-17</lastmod>
170+
<lastmod>2024-03-22</lastmod>
171171
<changefreq>daily</changefreq>
172172
</url>
173173
<url>
174174
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/vendors/Microsoft_Exploitability_Index/</loc>
175-
<lastmod>2024-03-17</lastmod>
175+
<lastmod>2024-03-22</lastmod>
176176
<changefreq>daily</changefreq>
177177
</url>
178178
<url>
179179
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/vendors/Qualys/</loc>
180-
<lastmod>2024-03-17</lastmod>
180+
<lastmod>2024-03-22</lastmod>
181181
<changefreq>daily</changefreq>
182182
</url>
183183
<url>
184184
<loc>https://github.com/RiskBasedPrioritization/RiskBasedPrioritization.github.io/vendors/vendors/</loc>
185-
<lastmod>2024-03-17</lastmod>
185+
<lastmod>2024-03-22</lastmod>
186186
<changefreq>daily</changefreq>
187187
</url>
188188
</urlset>

sitemap.xml.gz

-1 Bytes
Binary file not shown.

0 commit comments

Comments
 (0)