An Introduction to EPSS, The Exploit Prediction Scoring System скачать в хорошем качестве

An Introduction to EPSS, The Exploit Prediction Scoring System

Jay Jacobs (Cyentia, US), Sasha Romanosky (RAND Corporation, US) Jay Jacobs is a Co-founder and Chief Data Scientist at Cyentia Institute, a research firm dedicated to advancing the state of information security knowledge and practice through data-driven research. Jay is also the lead data scientist for the Exploit Prediction Scoring System (EPSS) and is co-chair of the EPSS special interest group at FIRST. He is also a co-founder of the Society for Information Risk Analysts (SIRA), a not-for-profit association dedicated to advancing risk management practices where he served on the board of directors for several years. Finally, Jay is a co-author of "Data-Driven Security", a book covering data analysis and visualizations for information security professionals. Sasha Romanosky, PhD, researches topics on the economics of security and privacy, cyber crime, cyber insurance, and national security. He is a Senior Policy Researcher at the RAND Corporation, a faculty member of the Pardee RAND Graduate School, and an affiliated faculty in the Program on Economics & Privacy at the Antonin Scalia Law School, George Mason University. Sasha was a security professional for over 10 years in the financial and e-commerce industries, and is one of the original authors of the Common Vulnerability Scoring System (CVSS), and co-creator of the Exploit Probability Scoring System (EPSS), an emerging standard for estimating the probability of a vulnerability being exploited in the wild. Sasha is a former Cyber Policy Advisor in the Office of the Secretary of Defense for Policy (OSDP) at the Pentagon, where he oversaw the Defense Department's Vulnerability Equities Process (VEP), the Vulnerability Disclosure Program (VDP), and other cyber policy matters. Sasha is also an appointed member of DHS's Data Privacy and Integrity Committee (DPIAC), where we advise the Secretary of Homeland Security and DHS's Chief Privacy Officer on policy, operational, and technology issues. --- The Exploit Prediction Scoring System (EPSS) is an emerging standard that estimates the probability that a vulnerability will be exploited. Since our creation in April 2020, we have grown to over 150 members from around the world, with tens of thousands of daily downloads of our probability scores and API calls.In addition, we have improved and refined the model, and augmented the data feeds with even more data partners. In this presentation, Sasha Romanosky and Jay Jacobs - the original authors and co-chairs of the EPSS SIG - will discuss the evolution of EPSS, some initial findings from our data analysis, and future directions. No prior knowledge or experience with EPSS is required for this talk.