EPSS documentation updated for ADB (#52534)

Co-authored-by: Chris Bloom <[email protected]> Co-authored-by: Robert Thorpe II <[email protected]> Co-authored-by: Ricardo Kreyhsig <[email protected]> Co-authored-by: mc <[email protected]> Co-authored-by: Caro Galvin <[email protected]>
github · Oct 10, 2024 · 5c0c41f · 5c0c41f
1 parent 80c4d96
commit 5c0c41f
Showing 1 changed file with 20 additions and 3 deletions.
diff --git a/...isories-from-the-github-advisory-database/about-the-github-advisory-database.md b/...isories-from-the-github-advisory-database/about-the-github-advisory-database.md
@@ -68,9 +68,7 @@ Our malware advisories are mostly about substitution attacks. During this type o
 
 ## About information in security advisories
 
-In this section, you can find more detailed information about security advisories in the {% data variables.product.prodname_advisory_database %}, such as:
-* Advisory IDs and what format these identifiers use.
-* The CVSS levels we used to assign severity levels.
+In this section, you can find more detailed information about specific data attributes of the {% data variables.product.prodname_advisory_database %}.
 
 ### About GHSA IDs
 
@@ -105,6 +103,25 @@ The {% data variables.product.prodname_advisory_database %} uses the CVSS levels
 
 {% data reusables.repositories.github-security-lab %}
 
+### About EPSS scores
+
+The Exploit Prediction Scoring System, or EPSS, is a system devised by the global Forum of Incident Response and Security Teams (FIRST) for quantifying the likelihood of vulnerability exploit. The model produces a probability score between 0 and 1 (0 and 100%), where the higher the score, the greater the probability that a vulnerability will be exploited. For more information about FIRST, see https://www.first.org/.
+
+The {% data variables.product.prodname_advisory_database %} includes EPSS scores from FIRST for advisories containing CVEs with corresponding EPSS data.  {% data variables.product.company_short %} also displays the EPSS score percentile, which is the proportion of all scored vulnerabilities with the same or a lower EPSS score.
+
+For example, if an advisory had an EPSS score that had a percentage of 90.534% at the 95th percentile, according to the [EPSS model](https://www.first.org/epss/model), this means that:
+
+* There is a 90.534% chance of this vulnerability being exploited in the wild in the next 30 days.
+* 95% of the total modeled vulnerabilities are considered less likely to be exploited in the next 30 days than this vulnerability.
+
+Extended information about how to interpret this data can be found in FIRST's EPSS User Guide. This information helps you understand how both percentage and percentile can be used to interpret the likelihood that a vulnerability could be exploited in the wild according to FIRST's model. For more information, see the [FIRST's EPSS User Guide](https://www.first.org/epss/user-guide) on the FIRST website.
+
+FIRST also provides additional information around the distribution of their EPSS data.  For more information, see [EPSS data and statistics documentation](https://www.first.org/epss/data_stats) on the FIRST website.
+
+>[!NOTE] {% data variables.product.company_short %} keeps EPSS data up to date with a daily synchronization action. While EPSS score percentages will always be fully synchronized, score percentiles will only be updated when significantly different.
+
+At {% data variables.product.company_short %}, we do not author this data, but rather source it from FIRST, which means that this data is not editable in community contributions.
+
 ## Further reading
 
 * "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)"