Supporting EPSS: Our Vision for a More Data-Driven Future

At Empirical Security, we have known for some time now that EPSSLink to https://www.first.org/epss/ serves as essential infrastructure within cybersecurity operations (over 100 vendors incorporate it into their products today). Our support for EPSS aligns closely with our broader vision of evolving cybersecurity tools into a more rigorous and data-driven framework. Our longstanding position has been clear: all cybersecurity tools need to become significantly more data-driven to effectively handle the complexity of current threats.

Historically, successful open-source projects—Hadoop, Elasticsearch, MongoDB, Airflow, and even Spark—have demonstrated that sustained community engagement alongside committed support from private companies is critical. These projects succeed and thrive because commercial entities actively contribute both resources and technical expertise to their ongoing development. Recognizing the effectiveness of this collaborative model, Empirical Security is committed to providing similar foundational support to EPSS.

Our pledge at Empirical Security is straightforward: EPSS will always remain freely accessible and published every day as they have been for years now. We will continue curating and contributing data sets and investing our analysts and data scientists time into the evolution and enhancement of EPSS models. Cybersecurity models inherently require constant maintenance, updating, and re-training on emerging data to ensure they remain accurate and effective against current threats. A really clear example of this is the decay over time of the performance of EPSS v3. Two years after the release of v3, we’re proud to launch EPSS v4Link to /research/introducing-epss-version-4. Regular model re-training and the ongoing incorporation of new, empirical data form the core of this roadmap—commitments that Empirical Security will uphold rigorously.

We encourage analysts and other cybersecurity practitioners to actively participate in shaping the future direction of EPSS. During VulnConLink to https://www.first.org/conference/vulncon2025/, our Chief Data Scientist, Jay Jacobs, will be available for in-depth technical discussions. We invite you to connect with us, share your insights, and contribute ideas that will directly influence the development roadmap.

Finally, our goal is to inspire broader industry collaboration. Empirical Security actively encourages other cybersecurity vendors to join our initiative in supporting EPSS. By collectively investing resources and expertise, we can significantly enhance the capability and reliability of cybersecurity tools based on shared, high-quality empirical data.

Together, let's ensure EPSS continues to evolve as a cornerstone for data-driven cybersecurity analysis, benefiting the entire security community.

Our co-founders, Jay and Michael, presenting the first EPSS paperLink to https://arxiv.org/abs/1908.04856 at Blackhat 2019.