EPSS Scoring of Risks
This feature is not available on all tiers. Please contact us if you would like to discuss adding it to your Hexiosec ASM account.

What is EPSS?

EPSS stands for Exploit Prediction Scoring System. It is an open, data-driven effort by the Forum of Incident Response and Security Teams (FIRST.org) designed to estimate the likelihood that a software vulnerability will experience exploitation activity in the wild within the next 30 days.

CVSS (the Common Vulnerability Scoring System) focuses on the technical characteristics of a vulnerability. EPSS adds a predictive layer on top of that by using real-world data to estimate how likely it is that a specific vulnerability will actually be targeted by attackers. To generate a dynamic score that reflects the current likelihood of exploitation activity, EPSS combines:

- CVE metadata (from the NVD)
- real-world exploit data (from threat intelligence sources)
- machine learning models

What does the EPSS score mean?

The EPSS score is a probability, often expressed as a percentage. It indicates the likelihood that a vulnerability will experience exploitation activity in the next 30 days. For example:

- An EPSS score of 1% means the vulnerability is very unlikely to experience exploitation activity soon.
- An EPSS score of 85% suggests the vulnerability is highly likely to experience exploitation activity soon.

The score is recalculated regularly and is updated each time your scan runs, so it reflects the latest insights and attacker trends. Note that EPSS measures the likelihood of exploitation activity, not severity or the impact on your organisation: a low-impact vulnerability can carry a high EPSS score and vice versa, so it is best read alongside CVSS rather than instead of it.

What is the EPSS percentile?

The EPSS percentile indicates the percentage of all scored vulnerabilities whose EPSS score is lower than or equal to that of the vulnerability in question. It therefore gives the vulnerability's ranking within the EPSS model, showing how it compares with all other vulnerabilities. For example:

- A vulnerability with an EPSS percentile of 95% (i.e. in the 95th percentile) is among the top 5% of vulnerabilities most likely to experience exploitation activity.
- A vulnerability with an EPSS percentile of 10% (i.e. in the 10th percentile) is less likely to experience exploitation activity than 90% of others.

Because the large majority of CVEs have very low EPSS scores, a modest-looking score can still sit in a high percentile. The percentile helps you quickly rank and compare vulnerabilities, especially when managing a large volume of risks.

How to see EPSS scores in ASM

In Hexiosec ASM, all risks in the Vulnerability category (i.e. CVEs) have an EPSS score and percentile. These values are visible in the following places:

- the Vulnerabilities widget on the Overview page
- the Risks page, for vulnerability risks
- the Actions page, in both the Kanban and List views, for each action and its risks
- the Explore page for a given vulnerability risk
- the risks endpoint of the API

It is also possible to view the EPSS model version and the last updated date of the scoring from the Explore page for a given risk, and from the expandable row section on the Risks page.

Model version vs last updated date

EPSS scores come with two key timestamps, the model version and the last updated date. They serve different purposes.

What is the model version?

The model version refers to the specific version of the EPSS algorithm used to generate the scores. It is date based (e.g. v2025.07.07) and only changes when FIRST.org releases a new version of the underlying model. These releases may include improved prediction logic, additional data sources, or refinements in how risk is calculated. A new model version can shift scores and percentiles across the board, so a change in a risk's score that coincides with a model version change reflects the new model rather than new exploitation activity alone.

Why does the model version not match the last updated date?

It is normal for the model version to appear older than the last updated date. The model version only changes when the scoring algorithm itself is updated, whereas the last updated date reflects the most recent recalculation of EPSS scores and percentiles based on new exploit data and threat intelligence. This recalculation happens regularly, and the values for a given scan are refreshed each time it runs. So even if the model version has not changed recently, the scores are still kept up to date with the latest activity observed in the wild.
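The following Python is an added example for this guide, not Hexiosec ASM code and not the FIRST EPSS API client. It makes the two numbers above concrete: it computes a percentile from the FIRST definition over a constructed population of scores (showing how a 2% score can land in the 96th percentile), ranks a set of records by score, picks out the ones that cross an example EPSS or percentile threshold, and flags records whose last updated date is older than a chosen age, which is the "last updated" side of the model version vs last updated date distinction. The record shape (fields "cve", "epss", "percentile", "date", with the numbers delivered as strings) is an assumption about how an EPSS lookup is returned; the thresholds, dates, scores and CVE-0000-* identifiers are all constructed for the example and do not refer to real vulnerabilities.

```python
"""Interpreting EPSS scores and percentiles for triage.

Added illustration for this guide: not Hexiosec ASM code and not the FIRST
EPSS API. The record shape ("cve", "epss", "percentile", "date", numbers as
strings) is an assumption; every value, threshold and CVE-style id below is
constructed for the example and does not refer to a real vulnerability.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class EpssRecord:
    cve: str
    epss: float        # probability of exploitation activity in the next 30 days
    percentile: float  # share of scored CVEs whose EPSS score is <= this one
    scored_on: date    # the "last updated" date of this score


def parse_record(raw: dict) -> EpssRecord:
    """Turn one raw lookup record (numbers as strings) into typed values."""
    return EpssRecord(
        cve=raw["cve"],
        epss=float(raw["epss"]),
        percentile=float(raw["percentile"]),
        scored_on=date.fromisoformat(raw["date"]),
    )


def percentile_of(score: float, population: list[float]) -> float:
    """EPSS percentile as FIRST defines it: the fraction of all scored
    vulnerabilities with a score lower than or equal to `score`.

    Because most CVEs score far below 1%, a small score can still land in a
    high percentile; this makes that visible on a sample population.
    """
    if not population:
        raise ValueError("cannot compute a percentile over an empty population")
    return sum(1 for s in population if s <= score) / len(population)


def is_stale(record: EpssRecord, today_iso: str, max_age_days: int = 7) -> bool:
    """Flag a score whose last updated date is older than `max_age_days`.

    A stale date means the score has not been recalculated recently, which
    is a different question from how old the model version is.
    """
    age = date.fromisoformat(today_iso) - record.scored_on
    return age > timedelta(days=max_age_days)


def triage(records: list[EpssRecord],
           epss_threshold: float = 0.10,
           percentile_threshold: float = 0.95) -> tuple[list[EpssRecord], list[str]]:
    """Rank records by EPSS score (highest first) and return, alongside the
    ranking, the ids that cross either example threshold: an absolute
    probability high enough to act on, or a percentile that puts the CVE in
    the top few percent. The thresholds are illustrative only, not a
    recommendation from Hexiosec or FIRST.
    """
    ranked = sorted(records, key=lambda r: r.epss, reverse=True)
    priority = [r.cve for r in ranked
                if r.epss >= epss_threshold or r.percentile >= percentile_threshold]
    return ranked, priority


# Constructed population of 100 scores: 90 negligible, 5 low, 5 notable.
SAMPLE_POPULATION = [0.0004] * 90 + [0.005] * 5 + [0.02, 0.09, 0.30, 0.60, 0.85]

# Constructed lookup result. The CVE-0000-* ids are placeholders, not real CVEs.
SAMPLE_LOOKUP = [
    {"cve": "CVE-0000-0001", "epss": "0.85000", "percentile": "0.99800", "date": "2025-08-01"},
    {"cve": "CVE-0000-0002", "epss": "0.02000", "percentile": "0.96000", "date": "2025-08-01"},
    {"cve": "CVE-0000-0003", "epss": "0.00040", "percentile": "0.10000", "date": "2025-07-01"},
    {"cve": "CVE-0000-0004", "epss": "0.12000", "percentile": "0.94000", "date": "2025-08-01"},
]


if __name__ == "__main__":
    # A 2% score sits at the 96th percentile of this population: top 4%.
    print("percentile of 0.02:", percentile_of(0.02, SAMPLE_POPULATION))
    records = [parse_record(r) for r in SAMPLE_LOOKUP]
    ranked, priority = triage(records)
    for r in ranked:
        flag = " STALE" if is_stale(r, "2025-08-03") else ""
        print(f"{r.cve}: epss={r.epss:.4f} percentile={r.percentile:.3f}{flag}")
    print("prioritise:", priority)
```

In practice the records would come from the ASM risks endpoint or from FIRST's public EPSS API (https://api.first.org/data/v1/epss) rather than the inline sample, and the staleness check is worth running against the last updated date precisely because an old model version on its own is not a sign that the score is out of date.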