
Method Predicts Likelihood of Exploited Cybersecurity Vulnerabilities


By Netvora Tech News


Researchers from the National Institute of Standards and Technology (NIST) and the US Cybersecurity and Infrastructure Security Agency (CISA) have developed a new method to predict the likelihood that a cybersecurity vulnerability has been exploited. This approach aims to help organizations prioritize security updates by identifying the most critical weaknesses.

According to the researchers, only a small percentage of the tens of thousands of vulnerabilities discovered annually are actually exploited in attacks. Predicting which vulnerabilities are more likely to be exploited can make the patching process more cost-effective and efficient for organizations. The study found that only 5% of identified vulnerabilities are indeed exploited.

Prioritizing Vulnerability Patching

Companies are responsible for patching vulnerabilities in their systems on a monthly basis, but a recent study found that only 16% of identified vulnerabilities are actually addressed. The researchers suggest that this low percentage is due to the cost of mitigation, which includes patching, testing, and rollout.

Exploit Prediction Scoring System (EPSS)

The EPSS is an existing method that predicts the likelihood of a vulnerability being exploited within 30 days of its discovery. However, it is known to have inaccuracies. There are also lists of known exploited vulnerabilities (KEV), but these are not comprehensive. The researchers have now developed the "Likely Exploited Vulnerabilities" method, which serves as an addition to the EPSS and KEV lists.

Methodology

The "Likely Exploited Vulnerabilities" method is based on historical EPSS scores, resulting in a calculated likelihood that a vulnerability has been exploited. This outcome can help organizations determine the most critical vulnerabilities and reduce cybersecurity risks, according to the researchers.
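As an added illustration (not the researchers' published equation or code), the Python sketch below shows one way to turn a history of EPSS scores into a probability of past exploitation and combine it with a KEV list for ranking. It assumes each score is an independent 30-day probability, samples one score per 30-day window, and scales the final partial window; the function names and CVE placeholders are constructed.

```python
from bisect import bisect_right
from datetime import date, timedelta

WINDOW = 30  # assumption: one EPSS score covers a 30-day horizon

def lev_estimate(history, today):
    """Probability that a CVE has been exploited at least once by `today`.

    history: date-sorted (date, epss_score) pairs; a score stays in
    effect until the next entry (covers days with no new score).
    """
    if not history:
        return 0.0
    dates = [d for d, _ in history]
    p_not_exploited = 1.0
    day = dates[0]
    while day < today:
        score = history[bisect_right(dates, day) - 1][1]
        # Scale the last window if fewer than 30 days have elapsed.
        weight = min(WINDOW, (today - day).days) / WINDOW
        p_not_exploited *= 1.0 - score * weight
        day += timedelta(days=WINDOW)
    return 1.0 - p_not_exploited

def rank(histories, kev, today):
    """Sort CVEs for patching: KEV entries count as exploited (1.0)."""
    rows = [(cve, 1.0 if cve in kev else round(lev_estimate(h, today), 4))
            for cve, h in histories.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)

# Constructed sample data; the CVE names are placeholders, not real IDs.
SAMPLE = {
    "CVE-EXAMPLE-A": [(date(2025, 1, 1), 0.02)],             # low, steady
    "CVE-EXAMPLE-B": [(date(2025, 1, 1), 0.01),              # spiked to 0.60,
                      (date(2025, 1, 31), 0.60),             # now back at 0.05
                      (date(2025, 3, 2), 0.05)],
    "CVE-EXAMPLE-C": [(date(2025, 3, 17), 0.30)],            # only 15 days old
    "CVE-EXAMPLE-D": [(date(2025, 2, 1), 0.03)],             # on the KEV list
}
KEV = {"CVE-EXAMPLE-D"}

if __name__ == "__main__":
    for cve, p in rank(SAMPLE, KEV, date(2025, 4, 1)):
        print(f"{cve}  {p:.4f}")
```

CVE-EXAMPLE-B shows why the history matters: its current EPSS score is only 0.05, yet the earlier spike leaves it with a high probability of having already been exploited.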

  • The method aims to prioritize vulnerability patching by identifying the most likely exploited vulnerabilities.
  • The study found that only 5% of identified vulnerabilities are actually exploited in attacks.
  • The "Likely Exploited Vulnerabilities" method is based on historical EPSS scores and serves as an addition to the EPSS and KEV lists.
  • The approach aims to make the patching process more cost-effective and efficient for organizations.

By using this method, organizations can better prioritize their vulnerability patching efforts, reducing the risk of cybersecurity breaches and minimizing the impact of attacks.
