Researchers from CISA and NIST have developed a new cybersecurity metric called LEV to better predict the exploitation likelihood of vulnerabilities in the wild. LEV aims to improve vulnerability prioritization by supplementing existing lists like KEV and EPSS, helping organizations focus on the most critical threats. #Cybersecurity #VulnerabilityManagement #CISA #NIST #CyberThreats
Keypoints
- LEV is a new metric designed to estimate the likelihood that vulnerabilities are exploited in the wild.
- It enhances existing tools like KEV lists and EPSS by offering additional insights into vulnerability exploitation risk.
- LEV considers variables such as update dates and EPSS scores to calculate exploitation probabilities.
- This metric helps organizations prioritize patching efforts more effectively and identify missing high-risk vulnerabilities.
- Further collaboration and data sharing are needed to validate LEV’s performance and maximize its utility.