NIST and CISA introduced the LEV metric to better predict the likelihood of vulnerabilities being exploited in the wild, supplementing existing tools like EPSS and KEV lists. This new deterministic metric aims to improve vulnerability prioritization and remediation efforts across industries. #KEV #EPSS
Keypoints :
- The LEV (Likely Exploited Vulnerability) metric was developed by NIST and CISA to predict exploitation likelihood in the wild.
- It aims to complement existing metrics such as KEV lists and EPSS scores, not replace them.
- The metric is deterministic, providing consistent, reproducible results using dates and a weighing system.
- Predicting exploited vulnerabilities helps improve the efficiency and cost-effectiveness of remediation efforts.
- The current tools, like EPSS, have known inaccuracies and limitations in comprehensiveness.
- LEVs can help identify vulnerabilities that may be overlooked by existing lists or scores.
- The metric is under testing with industry partners before potential formal adoption by NIST.
- Youtube Video: https://www.youtube.com/watch?v=9h8l03E0sso
- Youtube Channel: Hak5
- Youtube Published: Sat, 31 May 2025 16:00:12 +0000