Who is using EPSS?

A list of vendors with products who support EPSS in their products.

In order to be added to this list, please submit a pull request with a link to evidence that your product supports EPSS. You can also message Patrick Garrity on Linkedin here: https://www.linkedin.com/in/patrickmgarrity/

Vendor Product Link
AppSoc Risk-Based Application Security Posture Management https://www.appsoc.com/
Aqua Security Aqua Workload Protection https://support.aquasec.com/support/solutions/articles/16000166626-2023-september-saas-update-release%23EPSS-(Exploit-Prediction-Scorin
Armis Armis Asset Vulnerability Management module https://www.armis.com/integrations/exploit-prediction-scoring-system-epss/
Armo Security Armo Kubernetes Security https://hub.armosec.io/docs/vulnerabilities-workloads
Armorcode Risk-Based Vulnerability Management https://www.armorcode.com/blog/epss-and-risk-based-vulnerability-prioritization
Avalor Avalor Security Data Fabric https://www.avalor.io/integrations
AWS Inspector https://aws.amazon.com/about-aws/whats-new/2023/07/amazon-inspector-vulnerability-intelligence-findings/
Axonius Vulnerability Management Module https://docs.axonius.com/docs/vulnerabilities
Backlash Reachability SAST/SCA https://www.backslash.security/
Balbix Risk-Based Vulnerability Management https://www.balbix.com/product/risk-based-vulnerability-management/
Binarly Transparency Platform https://binarly.io/capabilities
Bomber Bomber https://github.com/devops-kung-fu/bomber
Brinqa Cyber Risk Platform https://www.brinqa.com/glossary/what-is-epss-score/
Boost Security DevSecOps Platform https://docs.boostsecurity.io/user-guide/new_release.html#2023-03-09
Cavelo Attack Surface Management https://www.cavelo.com
CIRCL Vulnerability Lookup https://vulnerability.circl.lu
cvefeed.io Vulnerability Intelligence https://cvefeed.io
Cisco Kenna Security https://www.helpnetsecurity.com/2019/11/04/kenna-security-exploit-prediction-scoring-system/
Clavis Risk-Based Vulnerability Priorization https://produto.clavis.com.br/material-bart-gerenciamento-de-vulnerabilidade-baselines-analises-de-risco-testes-de-seguranca/
Cytidel vulnerability and risk management platform https://www.cytidel.com/
Claroty vulnerability and Risk Management https://claroty.com/press-releases/claroty-unveils-new-vulnerability-risk-management-capabilities-to-supercharge-risk-reduction-for-cyber-physical-systems
Coalition Coalition Exploit Scoring System https://ess.coalitioninc.com/
ConnectSecure ConnectSecure Vulnerability Management https://connectsecure.com/news/product-update-epss-empowers-msps-to-tackle-high-risk-vulnerabilities
Cowbell Cowbell Insurance https://cowbell.insure/
Culinda Culinda Cloud Security https://www.culinda.io/
CTM360 Threat Cover https://www.ctm360.com/
CVE Crowd CVEs discussed on the Fediverse https://cvecrowd.com/
Cybeats SBOM Studio https://www.cybeats.com/sbom-studio
CybelAngel Asset Discovery & Monitoring https://cybelangel.com/asset-discovery-and-monitoring/
Cyberwatch Cyberwatch Vulnerability Management https://cyberwatch.fr/veille/epss-quest-ce-que-lexploit-prediction-scoring-system/
Cyscale Cloud Security Platform https://cyscale.com/blog/security-scoring-cvss4-vs-cvss3-need-to-know/
Datadog Application Vulnerability Management https://www.datadoghq.com/product/application-vulnerability-management/
Dazz Dazz Unified Remediation Platform https://www.dazz.io/platform
Deepfactor Application Security Platform https://www.deepfactor.io/deepfactor-3-5-includes-enhanced-vulnerability-prioritization-with-epss-support-and-reachability-analysis-for-golang/
Denexus OT Cyber Risk Quantification https://www.denexus.io/products/derisk/industrial
DevOcean Low-Touch Remediation Platform https://www.devocean.security/blog/epss-everything-you-need-to-know
Docker Scout Solution for proactively enhancing your software supply chain security https://www.docker.com/products/docker-scout/
EdgeBit EdgeBit Security Platform https://edgebit.io/docs/0.x/investigate-epss/
Edgescan Risk-Based Vulnerability Management Solution https://www.edgescan.com/solutions/vulnerability-management/
Elastic Elastic Seach Platform https://www.elastic.co/docs/current/integrations/first_epss
Endor Labs Endor Labs https://www.endorlabs.com/blog/cve-vulnerability-epss-ssvc-reachability-vex
FOSSA The Modern Open Source Risk Platform https://fossa.com/blog/understanding-using-epss-scoring-system/
Flashpoint Flashpoint VulnDB https://flashpoint.io/resources/datasheets/vulndb-ransomware-and-exploit-prediction-model/
Fleet Open-source device management https://fleetdm.com/upgrade
ForeScout Risk and Exposure Management https://www.forescout.com/products/rem/
Fortinet Forinet DAST https://docs.fortinet.com/document/fortidast/23.3.0/user-guide/476620/vulnerabilities
FortMesa Riskchain VM https://land.fortmesa.com/vulnerability-management-101
Finite State Finite State Platform https://finitestate.io/products/finite-state-platform/
Github Advisory Database https://github.blog/changelog/2024-10-10-epss-scores-in-the-github-advisory-database/
HackerOne CVE Discovery https://hackerone.com/hacktivity/cve_discovery
Hackuity Risk-Based Vulnerability Management https://www.hackuity.io/
IBM Security
Kodem Kodem Security https://www.kodemsecurity.com/
Kondukto Kondukto ASPM Platform https://kondukto.io/
Legit Security Legit Supply Chain Security https://www.legitsecurity.com/
Luna Sec Luna Sec https://www.lunasec.io/docs/blog/what-is-epss/
Manifest Manifest https://www.manifestcyber.com/blog/introducing-manifest
Mandiant Mandiant Vulnerability Intelligence https://www.mandiant.com/resources/blog/enhanced-vulnerability-intelligence
Mend.io Mend https://docs.mend.io/bundle/sca_user_guide/page/view_epss_scores_for_container_images.html
Microsoft Microsoft Defender https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/enhancing-vulnerability-prioritization-with-asset-context-and/ba-p/4212480
Morphisec Morphisec Vulnerability Management https://blog.morphisec.com/morphisec-next-gen-risk-based-vulnerability-prioritization
Netrise Netrise Platform https://www.netrise.io/xiot-security-blog/sbom-ingest
NetSPI Attack Surface Management (ASM) https://www.netspi.com
Noetic Noetic Platform https://noeticcyber.com/risk-driven-vulnerability-prioritization/
Nucleus Security Nucleus Unified Vulnerability Management https://nucleussec.com/blog/what-is-epss/
NTT DATA YaVS / SecDB Portal https://secdb.nttzen.cloud
Oligo Dynamic SCA https://www.oligo.security/
Opswright Opswright Impact Platform https://opswright.com/
Orca Cloud Security Platform https://orca.security/resources/blog/epss-scoring-system-explained/
Oryx Labs Attack Surface Management https://oryxlabs.ae/
OWASP Dependency Track https://owasp.org/www-project/dependency-track
Palo Alto Network Prisma Cloud https://www.paloaltonetworks.com/prisma/cloud
Palo Alto Network Xpanse https://www.paloaltonetworks.com/blog/security-operations/enable-proactive-incident-response-with-adaptive-risk-scoring/
Phoenix Security Act on Phoenix https://phoenix.security/new-features-november-2022/
Precursor Penetration Testing and Continuous Security Testing Services https://www.precursorsecurity.com/
Procapsuite Procap 360 https://procapsuite.com/
UpGuard UpGuard Platform https://help.upguard.com/en/articles/9180433-what-is-exploit-prediction-scoring-system-epss
Qualys TruRisk https://blog.qualys.com/qualys-insights/2022/10/10/in-depth-look-into-data-driven-science-behind-qualys-trurisk
Rezilion Rezilion https://www.rezilion.com/blog/introducing-our-new-software-supply-chain-security-features/
SecLogic CyberQ Shield https://seclogic.io/
SecOps Solution Full-Stack Vulnerability and Patch Management Platform https://secopsolution.com/epss-calculator
Securin Vulnerability Intelligence https://www.securin.io/vulnerability-intelligence/
SecurityScorecard CVE Details https://www.cvedetails.com/epss/epss-score-history.html
Seemplicity Seemplicity https://seemplicity.io/different-approaches-for-vulnerability-prioritization/
Semgrep Semgrep AppSec Platform https://semgrep.dev/
SentinelOne SentinelOne Vulnerability Management https://www.sentinelone.com/platform/singularity-ranger-insights/
ServiceNow ServiceNow Vulnerability Response https://docs.servicenow.com/bundle/vancouver-security-management/page/product/secops-integration-vr/epss/concept/epss-vr-integration-overview.html
Shield Cyber Attacker-centric Exposure Management https://www.shieldcyber.io/
Shodan CVEDB API https://cvedb.shodan.io/
SideChannel Enclave https://sidechannel.com/blog/enhance-your-security-measures-with-effective-epss-and-exposure-management/
Skybox Vulnerability & Threat Management https://www.skyboxsecurity.com/products/vulnerability-control/
Snyk Security Intelligence https://snyk.io/blog/improved-risk-assessment-with-epss-scores-in-snyk/
SOCRadar Extended Threat Intelligence https://socradar.io/predicting-vulnerability-exploitation-for-proactive-cybersecurity-whats-epss-and-how-can-svrs-enhance-it/
SOOS SOOS Security https://kb.soos.io/help/exploitable-vulnerabilities
SPDX The Software Package Data Exchange (SPDX) https://spdx.dev/capturing-software-vulnerability-data-in-spdx-3-0/
Stackaware AI Risk Management https://stackaware.com/
Strobes VM365 https://help.strobes.co/hc/en-us/articles/13158942134801-Vulnerabilities-Custom-CSV-Export
Tenable Tenable Vulnerability Management https://docs.tenable.com/vulnerability-management/Content/vulnerability-intelligence/vulnerability-information.htm
Ultrared Ultrared Threat Exposure Management https://www.ultrared.ai/blog/epss-and-exposure-management
Uptycs The first unified CNAPP and XDR platform https://www.uptycs.com/products/why-uptycs
Veracode Veracode SCA https://docs.veracode.com/r/Understanding_SCA_exploitability_information
Verve Verve Security Center https://verveindustrial.com/resources/blog/calculated-risk-rating-data-driven-ot-risk-assessment/
Vulcan Vulcan Cyber Risk Management Platform https://vulcan.io/blog/thinking-of-using-epss-heres-what-you-need-to-know/
VulDB Cyber Threat Intelligence https://vuldb.com/?kb.epss
VulnCheck VulnCheck Exploit & Vulnerability Intelligence https://vulncheck.com/product/exploit-intelligence
Vulners Vulners Database https://vulners.com/search
Wiz Wiz Platform https://www.wiz.io/
Würth Phoenix SATAYO CTI Platform https://www.neteye-blog.com/2023/12/epss-implementation-in-satayo/
Yes We Hack Bug Bounty & Vulnerability Management Platform https://www.yeswehack.com/