AppSoc |
Risk-Based Application Security Posture Management |
https://www.appsoc.com/ |
Aqua Security |
Aqua Workload Protection |
https://support.aquasec.com/support/solutions/articles/16000166626-2023-september-saas-update-release%23EPSS-(Exploit-Prediction-Scorin |
Armis |
Armis Asset Vulnerability Management module |
https://www.armis.com/integrations/exploit-prediction-scoring-system-epss/ |
Armo Security |
Armo Kubernetes Security |
https://hub.armosec.io/docs/vulnerabilities-workloads |
Armorcode |
Risk-Based Vulnerability Management |
https://www.armorcode.com/blog/epss-and-risk-based-vulnerability-prioritization |
Avalor |
Avalor Security Data Fabric |
https://www.avalor.io/integrations |
AWS |
Inspector |
https://aws.amazon.com/about-aws/whats-new/2023/07/amazon-inspector-vulnerability-intelligence-findings/ |
Axonius |
Vulnerability Management Module |
https://docs.axonius.com/docs/vulnerabilities |
Backlash |
Reachability SAST/SCA |
https://www.backslash.security/ |
Balbix |
Risk-Based Vulnerability Management |
https://www.balbix.com/product/risk-based-vulnerability-management/ |
Binarly |
Transparency Platform |
https://binarly.io/capabilities |
Bomber |
Bomber |
https://github.com/devops-kung-fu/bomber |
Brinqa |
Cyber Risk Platform |
https://www.brinqa.com/glossary/what-is-epss-score/ |
Boost Security |
DevSecOps Platform |
https://docs.boostsecurity.io/user-guide/new_release.html#2023-03-09 |
Cavelo |
Attack Surface Management |
https://www.cavelo.com |
CIRCL |
Vulnerability Lookup |
https://vulnerability.circl.lu |
cvefeed.io |
Vulnerability Intelligence |
https://cvefeed.io |
Cisco |
Kenna Security |
https://www.helpnetsecurity.com/2019/11/04/kenna-security-exploit-prediction-scoring-system/ |
Clavis |
Risk-Based Vulnerability Priorization |
https://produto.clavis.com.br/material-bart-gerenciamento-de-vulnerabilidade-baselines-analises-de-risco-testes-de-seguranca/ |
Cytidel |
vulnerability and risk management platform |
https://www.cytidel.com/ |
Claroty |
vulnerability and Risk Management |
https://claroty.com/press-releases/claroty-unveils-new-vulnerability-risk-management-capabilities-to-supercharge-risk-reduction-for-cyber-physical-systems |
Coalition |
Coalition Exploit Scoring System |
https://ess.coalitioninc.com/ |
ConnectSecure |
ConnectSecure Vulnerability Management |
https://connectsecure.com/news/product-update-epss-empowers-msps-to-tackle-high-risk-vulnerabilities |
Cowbell |
Cowbell Insurance |
https://cowbell.insure/ |
Culinda |
Culinda Cloud Security |
https://www.culinda.io/ |
CTM360 |
Threat Cover |
https://www.ctm360.com/ |
CVE Crowd |
CVEs discussed on the Fediverse |
https://cvecrowd.com/ |
Cybeats |
SBOM Studio |
https://www.cybeats.com/sbom-studio |
CybelAngel |
Asset Discovery & Monitoring |
https://cybelangel.com/asset-discovery-and-monitoring/ |
Cyberwatch |
Cyberwatch Vulnerability Management |
https://cyberwatch.fr/veille/epss-quest-ce-que-lexploit-prediction-scoring-system/ |
Cyscale |
Cloud Security Platform |
https://cyscale.com/blog/security-scoring-cvss4-vs-cvss3-need-to-know/ |
Datadog |
Application Vulnerability Management |
https://www.datadoghq.com/product/application-vulnerability-management/ |
Dazz |
Dazz Unified Remediation Platform |
https://www.dazz.io/platform |
Deepfactor |
Application Security Platform |
https://www.deepfactor.io/deepfactor-3-5-includes-enhanced-vulnerability-prioritization-with-epss-support-and-reachability-analysis-for-golang/ |
Denexus |
OT Cyber Risk Quantification |
https://www.denexus.io/products/derisk/industrial |
DevOcean |
Low-Touch Remediation Platform |
https://www.devocean.security/blog/epss-everything-you-need-to-know |
Docker Scout |
Solution for proactively enhancing your software supply chain security |
https://www.docker.com/products/docker-scout/ |
EdgeBit |
EdgeBit Security Platform |
https://edgebit.io/docs/0.x/investigate-epss/ |
Edgescan |
Risk-Based Vulnerability Management Solution |
https://www.edgescan.com/solutions/vulnerability-management/ |
Elastic |
Elastic Seach Platform |
https://www.elastic.co/docs/current/integrations/first_epss |
Endor Labs |
Endor Labs |
https://www.endorlabs.com/blog/cve-vulnerability-epss-ssvc-reachability-vex |
FOSSA |
The Modern Open Source Risk Platform |
https://fossa.com/blog/understanding-using-epss-scoring-system/ |
Flashpoint |
Flashpoint VulnDB |
https://flashpoint.io/resources/datasheets/vulndb-ransomware-and-exploit-prediction-model/ |
Fleet |
Open-source device management |
https://fleetdm.com/upgrade |
ForeScout |
Risk and Exposure Management |
https://www.forescout.com/products/rem/ |
Fortinet |
Forinet DAST |
https://docs.fortinet.com/document/fortidast/23.3.0/user-guide/476620/vulnerabilities |
FortMesa |
Riskchain VM |
https://land.fortmesa.com/vulnerability-management-101 |
Finite State |
Finite State Platform |
https://finitestate.io/products/finite-state-platform/ |
Github Advisory Database |
https://github.blog/changelog/2024-10-10-epss-scores-in-the-github-advisory-database/ |
HackerOne |
CVE Discovery |
https://hackerone.com/hacktivity/cve_discovery |
Hackuity |
Risk-Based Vulnerability Management |
https://www.hackuity.io/ |
IBM Security |
|
Kodem |
Kodem Security |
https://www.kodemsecurity.com/ |
Kondukto |
Kondukto ASPM Platform |
https://kondukto.io/ |
Lansweeper |
Lansweeper Asset Intelligence |
https://community.lansweeper.com/t5/cyber-security-and-risk-insights/understanding-exploitability-fields/ta-p/77274 |
Legit Security |
Legit Supply Chain Security |
https://www.legitsecurity.com/ |
Luna Sec |
Luna Sec |
https://www.lunasec.io/docs/blog/what-is-epss/ |
Manifest |
Manifest |
https://www.manifestcyber.com/blog/introducing-manifest |
Mandiant |
Mandiant Vulnerability Intelligence |
https://www.mandiant.com/resources/blog/enhanced-vulnerability-intelligence |
Mend.io |
Mend |
https://docs.mend.io/bundle/sca_user_guide/page/view_epss_scores_for_container_images.html |
Microsoft |
Microsoft Defender |
https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/enhancing-vulnerability-prioritization-with-asset-context-and/ba-p/4212480 |
Mondoo |
Unified Security Posture Management |
https://mondoo.com/docs/platform/security/posture/vulnerabilities/#epss-score |
Morphisec |
Morphisec Vulnerability Management |
https://blog.morphisec.com/morphisec-next-gen-risk-based-vulnerability-prioritization |
Netrise |
Netrise Platform |
https://www.netrise.io/xiot-security-blog/sbom-ingest |
NetSPI |
Attack Surface Management (ASM) |
https://www.netspi.com |
Noetic |
Noetic Platform |
https://noeticcyber.com/risk-driven-vulnerability-prioritization/ |
Nucleus Security |
Nucleus Unified Vulnerability Management |
https://nucleussec.com/blog/what-is-epss/ |
NTT DATA |
YaVS / SecDB Portal |
https://secdb.nttzen.cloud |
Oligo |
Dynamic SCA |
https://www.oligo.security/ |
Opswright |
Opswright Impact Platform |
https://opswright.com/ |
Orca |
Cloud Security Platform |
https://orca.security/resources/blog/epss-scoring-system-explained/ |
Oryx Labs |
Attack Surface Management |
https://oryxlabs.ae/ |
OWASP |
Dependency Track |
https://owasp.org/www-project/dependency-track |
Palo Alto Network |
Prisma Cloud |
https://www.paloaltonetworks.com/prisma/cloud |
Palo Alto Network |
Xpanse |
https://www.paloaltonetworks.com/blog/security-operations/enable-proactive-incident-response-with-adaptive-risk-scoring/ |
Phoenix Security |
Act on Phoenix |
https://phoenix.security/new-features-november-2022/ |
Precursor |
Penetration Testing and Continuous Security Testing Services |
https://www.precursorsecurity.com/ |
Procapsuite |
Procap 360 |
https://procapsuite.com/ |
UpGuard |
UpGuard Platform |
https://help.upguard.com/en/articles/9180433-what-is-exploit-prediction-scoring-system-epss |
Qualys |
TruRisk |
https://blog.qualys.com/qualys-insights/2022/10/10/in-depth-look-into-data-driven-science-behind-qualys-trurisk |
Rezilion |
Rezilion |
https://www.rezilion.com/blog/introducing-our-new-software-supply-chain-security-features/ |
SecLogic |
CyberQ Shield |
https://seclogic.io/ |
SecOps Solution |
Full-Stack Vulnerability and Patch Management Platform |
https://secopsolution.com/epss-calculator |
Securin |
Vulnerability Intelligence |
https://www.securin.io/vulnerability-intelligence/ |
SecurityScorecard |
CVE Details |
https://www.cvedetails.com/epss/epss-score-history.html |
Seemplicity |
Seemplicity |
https://seemplicity.io/different-approaches-for-vulnerability-prioritization/ |
Semgrep |
Semgrep AppSec Platform |
https://semgrep.dev/ |
SentinelOne |
SentinelOne Vulnerability Management |
https://www.sentinelone.com/platform/singularity-ranger-insights/ |
ServiceNow |
ServiceNow Vulnerability Response |
https://docs.servicenow.com/bundle/vancouver-security-management/page/product/secops-integration-vr/epss/concept/epss-vr-integration-overview.html |
Shield Cyber |
Attacker-centric Exposure Management |
https://www.shieldcyber.io/ |
Shodan |
CVEDB API |
https://cvedb.shodan.io/ |
SideChannel |
Enclave |
https://sidechannel.com/blog/enhance-your-security-measures-with-effective-epss-and-exposure-management/ |
Skybox |
Vulnerability & Threat Management |
https://www.skyboxsecurity.com/products/vulnerability-control/ |
Snyk |
Security Intelligence |
https://snyk.io/blog/improved-risk-assessment-with-epss-scores-in-snyk/ |
SOCRadar |
Extended Threat Intelligence |
https://socradar.io/predicting-vulnerability-exploitation-for-proactive-cybersecurity-whats-epss-and-how-can-svrs-enhance-it/ |
SOOS |
SOOS Security |
https://kb.soos.io/help/exploitable-vulnerabilities |
SPDX |
The Software Package Data Exchange (SPDX) |
https://spdx.dev/capturing-software-vulnerability-data-in-spdx-3-0/ |
Stackaware |
AI Risk Management |
https://stackaware.com/ |
Strobes |
VM365 |
https://help.strobes.co/hc/en-us/articles/13158942134801-Vulnerabilities-Custom-CSV-Export |
Tenable |
Tenable Vulnerability Management |
https://docs.tenable.com/vulnerability-management/Content/vulnerability-intelligence/vulnerability-information.htm |
Ultrared |
Ultrared Threat Exposure Management |
https://www.ultrared.ai/blog/epss-and-exposure-management |
Uptycs |
The first unified CNAPP and XDR platform |
https://www.uptycs.com/products/why-uptycs |
Veracode |
Veracode SCA |
https://docs.veracode.com/r/Understanding_SCA_exploitability_information |
Verve |
Verve Security Center |
https://verveindustrial.com/resources/blog/calculated-risk-rating-data-driven-ot-risk-assessment/ |
Vulcan |
Vulcan Cyber Risk Management Platform |
https://vulcan.io/blog/thinking-of-using-epss-heres-what-you-need-to-know/ |
VulDB |
Cyber Threat Intelligence |
https://vuldb.com/?kb.epss |
VulnCheck |
VulnCheck Exploit & Vulnerability Intelligence |
https://vulncheck.com/product/exploit-intelligence |
Vulners |
Vulners Database |
https://vulners.com/search |
Wiz |
Wiz Platform |
https://www.wiz.io/ |
Würth Phoenix |
SATAYO CTI Platform |
https://www.neteye-blog.com/2023/12/epss-implementation-in-satayo/ |
Yes We Hack |
Bug Bounty & Vulnerability Management Platform |
https://www.yeswehack.com/ |