“Why do we need another scoring system?” is not the best question to ask. Instead we need to get accustomed to asking about performance. This post walks through an example from our latest improvement to our exploit code classifier.

“Why do we need another scoring system?” is not the best question to ask. Instead we need to get accustomed to asking about performance. This post walks through an example from our latest improvement to our exploit code classifier.

Past exploitation is not a guarantee of future exploitation. However, recent exploitation is in fact a powerful predictor of future exploitation!

Conventional wisdom in cybersecurity tells us that if a vulnerability is known to be exploited that everyone should patch it immediately, but the reality is a lot more nuanced. Known exploited in the past does not guarantee future exploited.