Security teams don’t have a CVE problem — they have a prioritization problem.
CVSS tells us severity.
EPSS tells us likelihood of exploitation.
But defenders still end up asking:
“Which CVEs do I actually fix first?”
To explore that gap, I built Day0Predictor v0.1 — a defensive, transparent CVE risk scoring tool that integrates EPSS signals with interpretable machine learning.
This is not a zero-day detector and not a scanner.
It’s a prioritization signal designed to be auditable and explainable.
🔍 What Day0Predictor Does
Combines EPSS score + percentile
Adds structured threshold features (≥0.01, ≥0.10, ≥0.50)
Trains a lightweight, interpretable model
Outputs:
Risk score (0–100)
Features used
Reasons for the score
Clear disclaimers
No black box. No hype.
🧠 Why EPSS Alone Isn’t Enough
EPSS is powerful, but in practice:
Scores fluctuate daily
Context is missing (attack patterns, structure)
Defenders still need explanation
Day0Predictor treats EPSS as strong evidence, not truth.
Think of it as:
EPSS + structure + explainability
🧪 Example Output
```json
{
  "cve_id": "CVE-2021-44228",
  "risk": 98,
  "mode": "trained_model_epss",
  "features": {
    "epss": 0.94358,
    "percentile": 0.99957,
    "epss_ge_050": 1.0
  },
  "reasons": [
    { "feature": "epss", "direction": "up" },
    { "feature": "percentile", "direction": "up" }
  ]
}
```
This is the kind of output defenders can audit and trust.
🛠️ CLI Usage
Score a CVE directly by ID using EPSS:
```bash
day0predict score-epss \
  --cve-id CVE-2021-44228 \
  --model models/day0predict.joblib \
  --format json
```
You can also score CVE JSON files directly.
📊 Model Notes
Logistic regression (intentionally simple)
Handles class imbalance
ROC-AUC ≈ 0.92
Explainability prioritized over complexity
This tool is meant to support human judgment, not replace it.
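A minimal sketch of the feature construction and scoring described above, added here as an illustration and not taken from the Day0Predictor code base. The intercept, weights and baseline are constructed values, `epss_ge_001` and `epss_ge_010` are assumed names by analogy with `epss_ge_050`, and reason directions are computed relative to a constructed baseline CVE.

```python
import math

# Constructed values for illustration only; NOT the project's trained
# coefficients. epss_ge_001 / epss_ge_010 are assumed feature names.
INTERCEPT = -4.0
WEIGHTS = {"epss": 3.0, "percentile": 2.5,
           "epss_ge_001": 0.5, "epss_ge_010": 1.0, "epss_ge_050": 1.5}
# Constructed "typical CVE" used only to decide whether a feature pushes
# the score up or down relative to the norm.
BASELINE = {"epss": 0.03, "percentile": 0.50,
            "epss_ge_001": 0.30, "epss_ge_010": 0.08, "epss_ge_050": 0.02}


def build_features(epss, percentile):
    """Raw EPSS signals plus the three threshold indicators."""
    if not (0.0 <= epss <= 1.0 and 0.0 <= percentile <= 1.0):
        raise ValueError("EPSS score and percentile must lie in [0, 1]")
    return {
        "epss": epss,
        "percentile": percentile,
        "epss_ge_001": float(epss >= 0.01),
        "epss_ge_010": float(epss >= 0.10),
        "epss_ge_050": float(epss >= 0.50),
    }


def score(cve_id, epss, percentile, top_k=2):
    """Logistic score scaled to 0-100, with per-feature reasons."""
    feats = build_features(epss, percentile)
    logit = INTERCEPT + sum(WEIGHTS[n] * v for n, v in feats.items())
    prob = 1.0 / (1.0 + math.exp(-logit))
    # Contribution of each feature relative to the baseline CVE.
    delta = {n: WEIGHTS[n] * (v - BASELINE[n]) for n, v in feats.items()}
    ranked = sorted(delta, key=lambda n: abs(delta[n]), reverse=True)
    reasons = [{"feature": n, "direction": "up" if delta[n] > 0 else "down"}
               for n in ranked[:top_k]]
    return {"cve_id": cve_id, "risk": round(prob * 100),
            "features": feats, "reasons": reasons}


if __name__ == "__main__":
    import json
    # Input values taken from the example output on this page.
    print(json.dumps(score("CVE-2021-44228", 0.94358, 0.99957), indent=2))
```

Because every reason is a weight multiplied by a feature's distance from the baseline, a reviewer can recompute each entry by hand from the published coefficients.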
📦 Open Source
GitHub:
👉 [https://github.com/ethicals7s/day0predictor-v0.1](https://github.com/ethicals7s/day0predictor-v0.1)
MIT licensed. Feedback and PRs welcome.
🔮 What’s Next
Ideas for v0.2:
Time-aware training (train on past → predict future)
Explicit CISA KEV features
Lightweight web demo
Expanded text feature analysis
🧠 Final Thought
Security doesn’t need more hype tools.
It needs boring, honest, defensible signals that help humans decide what matters now.
