GET A DEMO

The SSVC risk prioritization method: what it is, when to use it, and alternatives

What is SSVC? SSVC, a vulnerability prioritization methodology, was introduced to the cyber security market in April 2021 by security researchers at Carnegie Mellon University’s Software Engineering Institute (SEI) and the Cybersecurity and Infrastructure Security Agency (CISA). The SSVC method was created to help security analysts and vulnerability managers with vulnerability prioritization decision-making. How does… Continue reading The SSVC risk prioritization method: what it is, when to use it, and alternatives

Thinking of using EPSS? Here’s what you need to know

EPSS – or Exploit Prediction Scoring System – estimates the likelihood of a vulnerability being exploited. It assigns it a probability score between 0 and 1 (0% and 100%), with a higher score meaning a greater likelihood that the vulnerability will be exploited in the next 30 days.  The goal is to better prioritize the… Continue reading Thinking of using EPSS? Here’s what you need to know