Researchers from NIST and CISA have developed a new vulnerability exploit likelihood metric called LEV to better predict which vulnerabilities are at risk of being exploited in the wild. This new measure aims to improve the accuracy of existing tools like EPSS and KEV, helping organizations allocate remediation efforts more effectively. #CVE2023-1730 #CVE2023-29373
Keypoints
- The new LEV metric enhances existing vulnerability prediction tools like EPSS and KEV.
- Current remediation rates are low, partly due to high costs for companies to address vulnerabilities.
- LEV provides more accurate probabilities of exploitation, often higher than those given by EPSS.
- Hundreds of vulnerabilities show a high likelihood of exploitation, many not listed in KEV.
- The researchers seek industry partners to validate and improve the effectiveness of the LEV metric.
Read More: https://thecyberexpress.com/cisa-nist-vulnerability-exploit-metric/