The National Institute of Standards and Technology has published a white paper that establishes a metric for determining if a product vulnerability has been exploited. The NIST Cybersecurity White Paper, or CWSP, 41 describes the Likely Exploited Vulnerabilities, or LEV, calculation and how organizations can use it to guide their prioritization efforts, the agency said Monday.
LEV, according to NIST, can augment the Exploit Prediction Scoring System, or EPSS, and the Known Exploited Vulnerability, a.k.a. KEV, list.
A New Way to Address IT Vulnerabilities
The white paper offers two versions of the LEV equation: one that utilizes EPSS scores as predictors for 30-day windows as intended and one that divides the EPSS scores by 30 to create single-day predictions.
The second LEV equation, the document revealed, requires more computational resources, incorporates more EPSS scores and takes into account changing EPSS scores.
NIST warned that the LEV has an unknown margin of error. The equation uses the EPSS, which can be inaccurate because it does not include past vulnerability exploitation as an input into its model. Vulnerabilities exploited within 30 days will also not receive an EPSS score bump in a subsequent period.
The agency hopes that the white paper can also identify opportunities to improve popular systems used to determine vulnerability exploitation.
Related Articles
The Senate on Saturday voted 59-35 to confirm Sean Cairncross, a former Republican National Committee official, as the next national cyber director. With his confirmation, Cairncross succeeds Harry Coker as head of the White House Office of the National Cyber Director. In this capacity, he will serve as the principal adviser to the U.S. president on cybersecurity strategy and policy in relation to the coordination of information security and data protection; efforts to deter malicious cyber activity; and programs and policies meant to improve the U.S. cybersecurity posture, among others. In February, President Donald Trump nominated Cairncross to the role.
Edward Forst has been nominated by President Donald Trump as the next administrator of the General Services Administration, succeeding Robin Carnahan, who resigned in January after serving for nearly four years. The White House announced the nomination on Sunday. Who Is Edward Forst? Forst is a seasoned executive and investor with vast experience in the global financial services and real estate industries. He most recently served as chairman of London-based private equity firm Lion Capital for three years. He was also the CEO of Cushman & Wakefield from 2013 to 2015. He spent 17 years at Goldman Sachs serving various senior executive
The Senate voted on Thursday 53-44 to confirm Matthew Kozma as the new undersecretary of the Department of Homeland Security for intelligence and analysis. In his role, Kozma would manage the Office of Intelligence and Analysis, which detects and addresses domestic and international threats, cyber risks and evolving national security issues, Homeland Security Today reported. He will lead the intelligence efforts to ensure the sharing of threat information between federal, state and local agencies. Find out more about the challenges and opportunities of the agency at the Potomac Officers Club 2025 Homeland Security Summit on November 12. Get insights into