The comma-separated values (CSV) file must have at least a column named "cve" and a
column named "epss". This file is the superset; the Exploited Vulns file is a
subset of it.
Read Exploited Vulns CSV file
The comma-separated values (CSV) file must have at least a column named "cve" and a
column named "epss". This file is a subset of the
Vulns supplied above.
Chart
Terminology
For more information on EPSS and the terminology, please visit the official EPSS web site.
True Positives
TP are vulnerabilities that were exploited and that we decided to patch.
False Positives
FP are vulnerabilities that we patched but that were not exploited.
False Negatives
FN are vulnerabilities that were exploited, but we did not patch.
True Negatives
TN are vulnerabilities that were not exploited and that we did not patch.
Efficiency
The ratio of patched vulnerabilities that were exploited (TP) to the total number of
patched vulnerabilities (TP + FP).
This is also called Precision and is calculated as TP / (TP + FP).
Coverage
The ratio of patched vulnerabilities that were exploited (TP) to the total number of
exploited vulnerabilities (TP + FN).
This is also called Recall and is calculated as TP / (TP + FN).
Effort
The ratio of vulnerabilities selected by choosing a specific threshold to the total number of
vulnerabilities that can be patched.
Put differently, it is the subset of vulnerabilities that will be patched, as a percentage of
the total number of vulnerabilities that can be patched.
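The terms above, computed from the two CSV inputs at several thresholds. This is an added example, not the tool's own code. The sample rows, the placeholder CVE ids, the function names and the rule "patch everything with epss >= threshold" are assumptions.

```python
import csv
import io

# Constructed sample data: placeholder CVE ids and made-up EPSS scores.
VULNS_CSV = """cve,epss,note
CVE-0000-0001,0.97,
CVE-0000-0002,0.62,
CVE-0000-0003,0.35,
CVE-0000-0004,0.08,
CVE-0000-0005,0.02,
CVE-0000-0006,0.01,
"""
EXPLOITED_CSV = """cve,epss
CVE-0000-0001,0.97
CVE-0000-0003,0.35
CVE-0000-0005,0.02
"""

def read_scores(text):
    """Return {cve: epss}. 'cve' and 'epss' are required; other columns are ignored."""
    reader = csv.DictReader(io.StringIO(text))
    missing = {"cve", "epss"} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"missing required column(s): {sorted(missing)}")
    return {row["cve"].strip().upper(): float(row["epss"]) for row in reader}

def metrics(vulns, exploited, threshold):
    """TP/FP/FN/TN and the three ratios, assuming epss >= threshold means 'patch'."""
    unknown = set(exploited) - set(vulns)
    if unknown:  # the exploited file must be a subset of the vulns file
        raise ValueError(f"exploited CVEs not in the vulns file: {sorted(unknown)}")
    patched = {cve for cve, score in vulns.items() if score >= threshold}
    hit = set(exploited)
    tp = len(patched & hit)        # exploited and patched
    fp = len(patched - hit)        # patched, not exploited
    fn = len(hit - patched)        # exploited, not patched
    tn = len(vulns) - tp - fp - fn
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "efficiency": tp / (tp + fp) if tp + fp else 0.0,  # 0.0 if nothing patched
            "coverage": tp / (tp + fn) if tp + fn else 0.0,    # 0.0 if nothing exploited
            "effort": (tp + fp) / len(vulns) if vulns else 0.0}

if __name__ == "__main__":
    vulns, exploited = read_scores(VULNS_CSV), read_scores(EXPLOITED_CSV)
    for t in (0.01, 0.1, 0.5):
        m = metrics(vulns, exploited, t)
        print(f"threshold={t}", {k: round(v, 2) for k, v in m.items()})
```

Lowering the threshold raises coverage and effort together, while efficiency shows how much of that effort went to vulnerabilities that were actually exploited.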