EdgeBit integrates many datasets, including the Exploit Prediction Scoring System (EPSS). This is an AI-based measure of the probability of exploitation in the next 30 days for a given CVE.
The biggest drivers of an EPSS score increase are:
EdgeBit uses a threshold of exploitabity of over 10% to prompt you to take action. These scores are updated daily so you can expect them to change as conditions change.
It’s also important to understand the percentile of known CVEs that the exploitabity score represents. In the examples above,
10.52% may not seem high, but that’s more serious than 94% of public CVEs – absolutely worth investigating.
EdgeBit displays EPSS data for an entire project on the Overview and on a per-Component basis on the Vulnerabilities tab. Items that are prioritized for your investigation link directly to the Component Issue they correspond to with all of the production usage context available to you.