Measuring CVE Performance
Vuln4Cast 2024
, Ben Edwards
https://bjedwards.observablehq.cloud/measuring-cna-performance/
"Important" CVEs
And how much info we have on them
What are important CVEs?
Those likely to be exploited (EPSS)
Those likely to be present
Higher likelihood of exploitation -> lower prevalence of CVE info
No clear pattern with prevalance!