# Why EPSS Scores Matter for Vulnerability Management

By [Mohit Bhasin](https://www.paloaltonetworks.com/blog/author/mohit-bhasin/?ts=markdown "Posts by Mohit Bhasin")

Jun 20, 2024

Unaddressed security flaws can have significant repercussions --- data breaches, financial loss, reputational damage --- making [vulnerability management](https://www.paloaltonetworks.com/cyberpedia/vulnerability-management?ts=markdown) critically important.
Vulnerabilities provide entry points for attackers to exploit and possibly compromise [sensitive information](https://www.paloaltonetworks.com/cyberpedia/sensitive-data?ts=markdown) and disrupt business operations. With the increasing sophistication of cyberthreats, it's essential to proactively identify and remediate vulnerabilities to protect assets and maintain customer trust. [Effective vulnerability management](https://www.paloaltonetworks.com/blog/prisma-cloud/managing-vulnerabilities-part-one/?ts=markdown) minimizes the potential impact of attacks, ensuring a more secure and resilient IT environment.

## History of the Exploit Prediction Scoring System (EPSS)

The Exploit Prediction Scoring System (EPSS) is a relatively recent development in the field of cybersecurity, designed to predict the likelihood that a given software vulnerability will be exploited. Launched in 2019 and governed by the [Forum of Incident Response and Security Teams (FIRST)](https://www.first.org/epss/), EPSS addresses the limitations of vulnerability scoring systems like the Common Vulnerability Scoring System (CVSS), which measures the severity of vulnerabilities but doesn't account for their likelihood of being exploited.

[EPSS leverages a machine learning model](https://riskbasedprioritization.github.io/epss/Introduction_to_EPSS/) that utilizes real-world exploit data to provide a probabilistic score between 0 and 1, indicating the likelihood of exploitation within a specific time frame, typically 30 days. This score allows organizations to prioritize their remediation efforts more effectively, focusing on the vulnerabilities most likely to be exploited rather than merely those deemed severe by traditional metrics.

EPSS draws from an array of data sources, including vendor reports, academic research, and observed exploitation data. To reflect the evolving threat landscape, FIRST continuously updates the EPSS model with new data.
Available for free use, it's intended to integrate with other risk management tools to provide a comprehensive view of an organization's vulnerability landscape.

## Prisma Cloud Adds EPSS Scores for Vulnerability Management

[Prisma Cloud now supports EPSS](https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-june-2024#new-features) in the Vulnerability Management Dashboard, Search and Investigate Graph, and Common Vulnerabilities and Exposures (CVE) side panel. Users can now prioritize vulnerabilities with the help of EPSS scores and explore vulnerability details in the side panel while inspecting cloud assets.

![At-a-glance view of top impacting vulnerabilities with CVSS and EPSS information](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/06/word-image-323411-1.png)

Figure 1: At-a-glance view of top impacting vulnerabilities with CVSS and EPSS information

## How to Use EPSS

Using EPSS can significantly enhance your organization's vulnerability management strategy.

### Integrate EPSS with Vulnerability Management Tools

Ensure your vulnerability management tools support or can integrate EPSS data. Many modern security tools have built-in support for EPSS or allow for custom integrations using APIs. These tools can surface CVE details alongside the EPSS score.

### Prioritize Vulnerabilities

When you have vulnerabilities reachable from the internet, use EPSS to prioritize those with higher scores, since a higher score indicates a greater likelihood of exploitation.

### Combine with Other Metrics

Complement EPSS scores with other metrics, such as CVSS. While CVSS provides severity ratings, EPSS adds the dimension of exploit likelihood.

### Develop a Remediation Plan

Create a remediation plan that prioritizes fixing high-risk vulnerabilities as indicated by EPSS. Ensure that patching efforts are directed toward vulnerabilities with high exploitation probabilities.

![Prisma Cloud indicates which assets are most at risk.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/06/word-image-323411-2.png)

Figure 2: Prisma Cloud indicates which assets are most at risk.

### Monitor and Update Regularly

Review and adjust your prioritization based on the latest EPSS scores. Because FIRST updates the scores as new data comes in, which can occur frequently, you'll want to watch the EPSS scores on your dashboard.

### Educate and Train Your Team

Train your security team on the importance and usage of EPSS. Ensure they understand how to interpret the scores and integrate them into their daily workflow.

### Example Use Case

Imagine your organization has a long list of identified vulnerabilities. Traditionally, you would prioritize them according to CVSS scores, tackling the highest severity vulnerabilities first. But some of these high-severity vulnerabilities might not be immediately exploitable. By integrating EPSS, you can reprioritize this list to focus on vulnerabilities with both high severity and high exploit likelihood to mitigate the most imminent threats.

## More Vulnerability Management Enhancements

### Support for Internet Exposure in Vulnerability Prioritization

The prioritization engine now [supports internet exposure as a risk factor](https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-june-2024#new-features), which, combined with EPSS, provides additional insight into how vulnerabilities should be prioritized.

### Complete CVE Details

The CVE side panel now includes a [new CVE Details tab](https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-june-2024#new-features) that provides all the information about a given CVE, such as complete Common Vulnerability Scoring System (CVSS) risk factors, EPSS, exploit information, CISA KEV and external links.
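
The reprioritization from the Example Use Case, combined with internet exposure as a risk factor, as an added example (not Prisma Cloud's prioritization engine and not code from the original post). The findings, asset names, placeholder CVE IDs, the `EPSS_HIGH` cut-off and the tier rules are assumptions, and the score payload is constructed to resemble a FIRST EPSS API response.

```python
import json

# Constructed payload; field names assumed from FIRST's EPSS API (scores are strings).
# CVE IDs are placeholders, not real identifiers.
EPSS_RESPONSE = json.dumps({"data": [
    {"cve": "CVE-0000-0001", "epss": "0.00120", "percentile": "0.45"},
    {"cve": "CVE-0000-0002", "epss": "0.91400", "percentile": "0.99"},
    {"cve": "CVE-0000-0003", "epss": "0.42000", "percentile": "0.97"},
    {"cve": "CVE-0000-0004", "epss": "0.88000", "percentile": "0.99"},
]})

# Constructed scanner findings: (cve, asset, cvss, internet_exposed)
FINDINGS = [
    ("CVE-0000-0001", "billing-db", 9.8, False),
    ("CVE-0000-0002", "web-frontend", 7.5, True),
    ("CVE-0000-0003", "api-gateway", 8.1, True),
    ("CVE-0000-0004", "build-runner", 5.3, False),
    ("CVE-0000-0005", "legacy-vm", 9.1, True),  # no EPSS score available
]

EPSS_HIGH = 0.10  # assumed cut-off for "likely to be exploited"; tune locally
CVSS_HIGH = 7.0   # CVSS v3 "High" severity starts at 7.0

def parse_epss(raw):
    """Return {cve: probability}; reject scores outside [0, 1]."""
    scores = {}
    for row in json.loads(raw).get("data", []):
        p = float(row["epss"])
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"EPSS out of range for {row['cve']}: {p}")
        scores[row["cve"]] = p
    return scores

def tier(cvss, epss, exposed):
    """Lower tier = remediate sooner."""
    severe = cvss >= CVSS_HIGH
    if epss is None:
        # Unknown likelihood is not low likelihood: fall back to severity + exposure.
        return 2 if (severe and exposed) else 3
    likely = epss >= EPSS_HIGH
    if likely and severe and exposed:
        return 1
    if likely and (severe or exposed):
        return 2
    if likely or (severe and exposed):
        return 3
    return 4

def prioritize(findings, scores):
    """Rank by tier, then EPSS, then CVSS (all descending in urgency)."""
    ranked = [{"cve": c, "asset": a, "cvss": s, "epss": scores.get(c),
               "exposed": x, "tier": tier(s, scores.get(c), x)}
              for c, a, s, x in findings]
    ranked.sort(key=lambda f: (f["tier"], -(f["epss"] or 0.0), -f["cvss"]))
    return ranked

def cvss_only(findings):
    """The traditional ordering: highest CVSS first."""
    return [f[0] for f in sorted(findings, key=lambda f: -f[2])]

if __name__ == "__main__":
    print("CVSS-only order:", cvss_only(FINDINGS))
    for f in prioritize(FINDINGS, parse_epss(EPSS_RESPONSE)):
        print(f["tier"], f["cve"], f["asset"], f["cvss"], f["epss"], f["exposed"])
```

On this sample the CVSS 9.8 finding on an unexposed asset drops from first to last, while the exposed CVSS 7.5 finding with the highest EPSS moves to the top.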

![Access key details for CVEs of concern.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/06/word-image-323411-3.png)

Figure 3: Access key details for CVEs of concern.

## Learn More

[Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud/vulnerability-management?ts=markdown) secures applications from code to cloud, effectively reducing your organization's risk exposure. Learn more about our [newest vulnerability management features](https://docs.prismacloud.io/en/enterprise-edition/rn/prisma-cloud-release-info/features-introduced-in-2024/features-introduced-in-june-2024#new-features) and take Prisma Cloud out for a free [30-day test drive](https://www.paloaltonetworks.com/prisma/request-a-prisma-cloud-trial?ts=markdown) if you haven't experienced the advantage.