General

What is the Exploit Prediction Scoring System (EPSS)?

The Exploit Prediction Scoring System (EPSS) is a data-driven framework designed to estimate the likelihood (probability) that a software vulnerability will be exploited in the wild. It helps security teams effectively prioritize which vulnerabilities to remediate first.

EPSS assigns a numerical score ranging from 0 to 1 (0% to 100%). A higher score indicates a greater likelihood of exploitation. Specifically, the score reflects the probability that a particular vulnerability (identified by its CVE ID) will be exploited within the next 30 days.

The Forum of Incident Response and Security Teams (FIRST) updates the Exploit Prediction Scoring System (EPSS) daily, using a machine learning model that incorporates vulnerability metadata and exploitation evidence to predict which vulnerabilities are most likely to be exploited in the next 30 days.

Holm Security updates the score in Security Center every 24 hours based on the latest data available.


To filter by EPSS score and see the score within your Security Center, do the following:

  1. Log in to Security Center.
  2. Go to Vulnerability Manager > Unified view.
  3. Click Filter to expand the filters.
  4. Select a range of the EPSS score to only see the vulnerabilities that fall within the selected EPSS score range.
  5. Click on a vulnerability to reveal more information, and then navigate to the Details section to see its exact EPSS score.
  6. Done!
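
The same range filter can be applied outside Security Center to the daily CSV that FIRST publishes. The following is an added example, not Holm Security or FIRST code; it assumes the feed layout of a leading `#` metadata line followed by `cve,epss,percentile` columns, and all CVE IDs, scores and metadata values in it are constructed placeholders.

```python
import csv
import io

# Constructed sample in the layout of FIRST's daily EPSS CSV download:
# a leading "#" metadata line, then cve,epss,percentile columns.
# CVE IDs, scores and metadata values are placeholders, not real data.
SAMPLE_FEED = """\
#model_version:v0000.00.00,score_date:2000-01-01T00:00:00+0000
cve,epss,percentile
CVE-0000-0001,0.97210,0.99950
CVE-0000-0002,0.00043,0.08120
CVE-0000-0003,0.41200,0.97010
CVE-0000-0004,0.10000,0.94500
CVE-0000-0005,not-a-number,0.5
"""

def load_epss(text):
    """Return {cve: score}, skipping metadata lines and malformed rows."""
    rows = (line for line in io.StringIO(text) if not line.startswith("#"))
    scores = {}
    for row in csv.DictReader(rows):
        try:
            score = float(row["epss"])
        except (TypeError, ValueError, KeyError):
            continue  # unparsable or missing score: do not guess a value
        if 0.0 <= score <= 1.0:  # EPSS is a probability between 0 and 1
            scores[row["cve"]] = score
    return scores

def filter_by_range(findings, scores, low, high):
    """Keep findings whose CVE has an EPSS score in [low, high], highest first."""
    if not 0.0 <= low <= high <= 1.0:
        raise ValueError("range must satisfy 0 <= low <= high <= 1")
    hits = [(cve, scores[cve]) for cve in findings
            if cve in scores and low <= scores[cve] <= high]
    return sorted(hits, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    scores = load_epss(SAMPLE_FEED)
    # Hypothetical scanner findings; CVE-0000-0009 has no EPSS score in the feed.
    findings = ["CVE-0000-0002", "CVE-0000-0003", "CVE-0000-0001",
                "CVE-0000-0009", "CVE-0000-0004"]
    for cve, score in filter_by_range(findings, scores, 0.10, 1.0):
        print(f"{cve}  {score:.1%}")
```

Findings with no score in the feed are left out of the result rather than treated as 0, so they should be reviewed separately.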