# SecDB # EPSS # CVE # Security Advisory
Notable changes in SecDB
Introduced the Exploit Prediction Scoring System (EPSS)
Added the Exploit Prediction Scoring System (EPSS) score in all tables and CVE pages.
The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. Our goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
[ EPSS value for Log4Shell CVE-2021-44228 ]
[ CVEs table for CISA-2022:0908 advisory ]
[ EPSS time series for Log4Shell CVE-2021-44228 in "EPSS" tab ]
https://www.first.org/epss - EPSS (Exploit Prediction Scoring System)
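The following added example, which is not SecDB's or FIRST's code, ranks an advisory's CVEs by EPSS probability (threat) with CVSS (severity) as tie-breaker, and contrasts that with a CVSS-only ordering. The CVE IDs, all scores, the function names and the CSV layout (a `#` metadata line followed by a `cve,epss,percentile` header) are assumptions constructed for illustration.

```python
import csv

# Constructed sample in the assumed layout of a daily EPSS CSV export:
# a '#' metadata line, then the header row cve,epss,percentile.
# CVE IDs and every score below are made up for illustration.
SAMPLE_EPSS_CSV = """\
#model_version:v0000.00.00,score_date:2022-01-01T00:00:00+0000
cve,epss,percentile
CVE-0000-0001,0.97000,0.99900
CVE-0000-0002,0.00150,0.35000
CVE-0000-0003,0.42000,0.97000
CVE-0000-0004,not-a-number,0.10000
"""

# Constructed advisory: CVE ID -> CVSS v3 base score. 0005 has no EPSS row.
SAMPLE_ADVISORY = {"CVE-0000-0001": 7.5, "CVE-0000-0002": 9.8,
                   "CVE-0000-0003": 8.1, "CVE-0000-0005": 6.5}


def load_epss(text):
    """Parse EPSS CSV text into {cve: probability}, skipping malformed rows."""
    lines = [ln for ln in text.splitlines() if ln and not ln.startswith("#")]
    scores = {}
    for row in csv.DictReader(lines):
        try:
            p = float(row["epss"])
        except (KeyError, TypeError, ValueError):
            continue
        if 0.0 <= p <= 1.0:  # EPSS is a probability between 0 and 1
            scores[row["cve"]] = p
    return scores


def prioritize(advisory, epss):
    """Return (cve, epss, cvss) rows: highest EPSS first, CVSS breaks ties."""
    # A CVE without an EPSS score keeps None and sorts last, not as 0.
    rows = [(cve, epss.get(cve), cvss) for cve, cvss in advisory.items()]
    return sorted(rows, key=lambda r: (r[1] is None, -(r[1] or 0.0), -r[2]))


def by_cvss_only(advisory):
    return sorted(advisory, key=lambda cve: -advisory[cve])


if __name__ == "__main__":
    for cve, p, cvss in prioritize(SAMPLE_ADVISORY, load_epss(SAMPLE_EPSS_CSV)):
        shown = "n/a" if p is None else f"{p:.1%}"
        print(f"{cve}  EPSS={shown:>6}  CVSS={cvss}")
```

In the constructed data the CVE with the highest CVSS score has the lowest EPSS probability, so the two orderings disagree on what to remediate first.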
"Packages & Software" in CVE detail page
Using the Security Advisory information, you can now view the affected and unaffected "Packages and Software" for a specific CVE.
[ The "Packages and Software" tab ]
New Security Advisories feeds
Added new advisories:
- Microsoft Security Response Center (MSRC)
- VMware
- RustSec (Crates.io)
- RubySec (RubyGems)
New "Infamous Vulnerabilities"
Added the "Infamous Vulnerabilities" table.
[ Log4Shell, PrintNightmare, ShellShock and other "infamous" vulnerabilities with related CVE IDs ]
User Interface Improvements
- "CVE" detail page: the NASL/NVT plugins, PoC, ExploitDB and Metasploit data are now in one place, the "Tools, PoC and Exploits" tab.
- "CVE" detail page: the "CVSS", "CAPEC", "OVAL" and "EPSS" tabs now display a brief description.
- Moved all charts from the "Vulnerabilities" page to the new "Dashboard" page. The "Vulnerabilities" page now displays the search form.
- In the "Weakness Trend" chart, it is now possible to display the trend by CVSS (v3/v2) severity using the buttons at the top of the chart.