[Spike] Determine change frequency and magnitude of EPSS scores

Motivation

We want to display EPSS scores for vulnerabilities collected by SCA tools. The current vulnerability enrichment process follows a pipeline where advisories are updated based on changes from the previous state. EPSS scores, however, are all updated on a daily basis. There are more than 250,000 scored CVEs, so these deltas would be major. We would like to determine how major these daily changes may be.

Questions

• What is the likelihood an EPSS score changes after its daily update?
• How many EPSS score values change each day? What is the average and median?
  • How many of the score values change each day when looking only at the score?
  • How many values change when looking at both the score and the percentile?

EPSS scores truncated to two digits after the dot

• What is the likelihood an EPSS score changes after its daily update?
• How many EPSS score values change each day? What is the average and median?
  • How many of the score values change each day when looking only at the score?
  • How many values change when looking at both the score and the percentile?

Methodology

1. Retrieve historical EPSS data for five+ different days.
2. Determine the delta between each pair of consecutive days. Count changed values and infer change likelihood.
3. Determine average and median amount of changes.
4. Redo with scores truncated to two digits after the dot.
5. Redo with dates from a different month.