Elevate CVE Remediation with EPSS, Now Integrated in HackerOne Hacktivity

October 24, 2023 Michiel Prins

At HackerOne, we've always been committed to helping customers navigate the complex landscape of prioritizing vulnerability remediation. The CVE Discovery feature in Hacktivity is instrumental in prioritization efforts; it offers customers insights into which CVEs are actively reported by hackers. This visibility provides intelligence on the ease of finding and exploiting these vulnerabilities, thus providing a practical lens to view and prioritize remediation efforts, effectively augmenting the CVSS rating.

Today, we are making that prioritization even more accurate and easier by integrating EPSS (Exploit Prediction Scoring System) into Hacktivity.

CVE Discovery page in the HackerOne Hacktivity interface


What Is EPSS?

EPSS is a new and upcoming industry standard developed and governed by the Forum of Incident Response and Security Teams (FIRST), a group responsible for a number of vulnerability scoring protocols. EPSS provides a live measure of exploitability for each CVE. EPSS aims to inform us of exploitation risk by providing a more accurate portrayal of exploit likelihood using a predictive model. An EPSS score estimates the probability of observing in-the-wild exploitation attempts against that vulnerability in the next 30 days. In other words, it is another excellent source of context to factor into your vulnerability backlog prioritization efforts.

What Does This Mean for Hacktivity?

EPSS scores are now directly integrated into Hacktivity’s CVE Discovery page on HackerOne. Customers can combine well-known CVSS ratings with EPSS and HackerOne’s platform intelligence, gaining a significant information advantage in the remediation of CVEs. This advantage allows enterprises to prioritize remediation efforts more effectively and establish risk-aligned remediation SLAs.

CVE Example with EPSS integration in HackerOne Hacktivity


Make the Most of HackerOne Hacktivity Integration

At HackerOne, we’re constantly improving our integrations, not only to make our solutions fit better into your existing processes and tech stack but also to enhance your entire vulnerability management program. If you have questions about how to better leverage Hacktivity or other HackerOne integrations for your security program, contact our expert team today.
