January 2024


A new Inspections feature in Aptori-Sift empowers you to craft test cases tailored to your application's unique business logic, simplifying the process of validating custom policies that address specific aspects of your application.

Inspections are a low-code approach to defining the policies and behaviors Aptori-sift checks. The ability to share Inspections enhances collaboration with the community and among team members. By facilitating the sharing of these policies, it allows for a more efficient exchange of ideas and strategies. This collaborative approach leads to faster identification and implementation of the most suitable policies for your applications and novel attack vectors,  leveraging collective knowledge and experience for better policy formulation and application security.

The Exploit Prediction Scoring System (EPSS) is an approach to predict the likelihood of a given vulnerability being exploited in the wild. Produced by the Forum of Incident Response and Security Teams (FIRST), EPSS employs a data-driven, probabilistic model that estimates the risk of exploitation within 30 days. This system uses a combination of vulnerability characteristics and real-world data to provide a dynamic score, offering a more nuanced and responsive measure than static vulnerability assessments. 

Aptori automatically incorporates real-time EPSS scores for every identified vulnerability when utilizing integrated scanners for Software Composition Analysis (SCA), Dependency Checks, Container Scanning, and Static Application Security Testing. This simplifies sorting and filtering issues based on their EPSS scores, allowing for quick prioritization of critical vulnerabilities that require immediate remediation.

EPSS scores are presented as a percentage, ranging from 0% (indicating minimal likelihood of exploitation) to 100% (signifying maximum probability of exploitation). To enhance understanding, EPSS also includes percentile rankings. These rankings place an individual EPSS score in the context of all other EPSS scores, offering a comparative perspective. This dual approach of using both probability scores and percentile rankings aids in refining the prioritization process, allowing for more informed decision-making in vulnerability management. 

Using the EPSS Scoring System for Better Security
Release Notes