Michiel Prins
Co-founder and Senior Director, Product Management
Vulnerability Management

Elevate CVE Remediation with EPSS, Now Integrated in HackerOne Hacktivity

Hackers using EPSS integration in HackerOne Hacktivity

One of the trickiest jobs in vulnerability management is prioritization. While it's a best practice to prioritize CVEs (Common Vulnerabilities and Exposures) with high and critical CVSS (Common Vulnerability Scoring System) ratings, these ratings alone fall short of painting a clear picture of exploitation risk. 

At HackerOne, we've always been committed to helping customers navigate the complex landscape of prioritizing vulnerability remediation. The CVE Discovery feature in Hacktivity is instrumental in prioritization efforts; it offers customers insights into which CVEs are actively reported by hackers. This visibility provides intelligence on the ease of finding and exploiting these vulnerabilities, thus providing a practical lens to view and prioritize remediation efforts, effectively augmenting the CVSS rating.

Today, we are making that even more accurate and easier by integrating EPSS (Exploit Prediction Scoring System) into Hacktivity. 

CVE Discovery page in the HackerOne Hacktivity interface


What Is EPSS?

EPSS is a new and upcoming industry standard developed and governed by the Forum of Incident Response and Security Teams (FIRST), a group responsible for a number of vulnerability scoring protocols. EPSS provides a live measure of exploitability for each CVE. EPSS aims to inform us of exploitation risk by providing a more accurate portrayal of exploit likelihood using a predictive model. An EPSS score estimates the probability of observing in-the-wild exploitation attempts against that vulnerability in the next 30 days. In other words, it is another excellent source of context to factor into your vulnerability backlog prioritization efforts.

What Does This Mean for Hacktivity?

EPSS scores are now directly integrated into Hacktivity’s CVE Discovery page on HackerOne. Customers can combine well-known CVSS ratings with EPSS and HackerOne’s platform intelligence, gaining a significant information advantage in the remediation of CVEs. This advantage allows enterprises to prioritize remediation efforts more effectively and establish risk-aligned remediation SLAs.

CVE Example with EPSS integration in HackerOne Hacktivity


Make the Most of HackerOne Hacktivity Integration

At HackerOne, we’re constantly improving our integrations to not only make our solutions fit better into your existing processes and tech stack but also enhance your entire vulnerability management program. If you have questions about how to better leverage Hacktivity or other HackerOne integrations for your security program, contact our expert team today