Open pombredanne opened 2 years ago
There is an API now at https://www.first.org/epss/api keyed by CVE
See this page for additional info: https://www.first.org/epss/api
Based on the initial review of https://github.com/nexB/vulnerablecode/pull/1481 we should refactor this to be a severity scoring instead:
published_at
date to the Vulnerability score model. See https://github.com/nexB/vulnerablecode/blob/9c12d56cc6b726eae35dd5c1bc5f2a6d6955707a/vulnerabilities/models.py#L899 It will be updated with the EPSS score publication date and other scores too. scoring_elements
fieldvalue
field
See https://www.first.org/epss/ ... this is an interesting CVSS alternative scoring system. For data, The fisrt link https://www.first.org/epss/data_stats links to https://epss.cyentia.com/ and https://epss.cyentia.com/epss_scores-current.csv.gz
Data license is per https://www.first.org/epss/#Usage-Agreement