VulnDB Ransomware and Exploit Prediction Model

This document is a technical report that outlines the VulnDB Ransomware and Exploit Prediction Model developed by Flashpoint. The report details the challenges faced by security teams in prioritizing vulnerabilities due to the large number of vulnerabilities disclosed annually. It emphasizes the importance of focusing on vulnerabilities that are most likely to be exploited in ransomware attacks. The model provides a Ransomware Likelihood score and two implementations of the Exploit Prediction Scoring System (EPSS) for each vulnerability. The EPSS model uses predictive analysis to assess the likelihood of a vulnerability being used in future ransomware operations, leveraging a comprehensive dataset from VulnDB. Additionally, the report highlights the robust vulnerability intelligence provided by VulnDB, which includes over 340,000 vulnerabilities and advanced metadata. The document aims to equip vulnerability management teams with the necessary information to prioritize and remediate vulnerabilities effectively.