Microsoft's Patch Tuesday disclosures

本文研究的数据集来源于微软的四个月Patch Tuesday公告，共包含600个真实世界漏洞。这些漏洞数据集用于评估四个广泛使用的漏洞评分系统的有效性，包括CVSS、EPSS、SSVC和Exploitability Index。数据集通过分析这些评分系统在漏洞管理任务中的表现，以及它们如何帮助组织进行漏洞优先级排序和缓解工作。

The dataset studied in this paper is sourced from four months of Microsoft Patch Tuesday bulletins, containing a total of 600 real-world vulnerabilities. This dataset is utilized to evaluate the effectiveness of four widely adopted vulnerability scoring systems, including CVSS, EPSS, SSVC, and the Exploitability Index. Specifically, it analyzes the performance of these scoring systems in vulnerability management tasks, as well as how they assist organizations with vulnerability prioritization and mitigation efforts.