Exploit Prediction Scoring System
EPSS uses data-driven modeling to estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. Teams combine EPSS with CVSS and the KEV list to focus patching effort where exploitation is most likely. It matters because it helps answer the practical question of what attackers will actually go after, not just what could theoretically be bad.