
On the exploitability of embedded IoT devices' vulnerabilities

2025-2026/II.
Dr. Futóné Dr. Papp Dorottya

The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. EPSS is closely tied to the Common Vulnerabilities and Exposures (CVE) database: it assigns a likelihood of exploitation to each CVE ID. By studying the EPSS database, we can gain insight into how vulnerable embedded IoT devices are likely to be.

The student's tasks are to:
- Get familiar with the CVE and EPSS databases, as well as other derivative databases (e.g., NVD, CVE Details)
- Automatically filter vulnerabilities found in the CVE database, focusing on embedded IoT devices
- Compare filtered CVE records with data found in the EPSS database to see how exploitable the vulnerabilities are
- Visualize the results
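
A minimal sketch of the filter-and-compare steps above, added here as an illustration and not part of the topic description. It assumes a simple heuristic (a CVE concerns an embedded device if any of its CPE 2.3 names has the hardware part `h`) and the EPSS CSV layout of a `#` comment line followed by `cve,epss,percentile`; all CVE IDs, vendors and scores are constructed placeholders.

```python
import csv
import io
import re

# Constructed sample data: CVE IDs, vendors, products and scores are placeholders.
CVE_RECORDS = [
    {"id": "CVE-2099-0001", "cpes": [
        "cpe:2.3:o:examplecam:ipcam_firmware:1.0:*:*:*:*:*:*:*",
        "cpe:2.3:h:examplecam:ipcam:-:*:*:*:*:*:*:*"]},
    {"id": "CVE-2099-0002", "cpes": [
        "cpe:2.3:a:examplesoft:web_portal:2.3:*:*:*:*:*:*:*"]},
    {"id": "CVE-2099-0003", "cpes": [
        "cpe:2.3:h:acme:router\\:pro:-:*:*:*:*:*:*:*"]},  # escaped colon in product
    {"id": "CVE-2099-0004", "cpes": [
        "cpe:2.3:h:acme:thermostat:-:*:*:*:*:*:*:*"]},  # has no EPSS row below
]
EPSS_CSV = """\
#model_version:constructed,score_date:constructed
cve,epss,percentile
CVE-2099-0001,0.91234,0.99100
CVE-2099-0002,0.00045,0.12000
CVE-2099-0003,0.02100,0.85000
"""

def cpe_part(cpe):
    """Return the CPE 2.3 'part' field (a, o or h), or None if malformed."""
    fields = re.split(r"(?<!\\):", cpe)  # split on unescaped colons only
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        return None
    return fields[2]

def is_embedded(record):
    # Assumed heuristic: the CVE concerns a device if any CPE names hardware.
    return any(cpe_part(c) == "h" for c in record["cpes"])

def load_epss(text):
    """Parse EPSS CSV text into {cve_id: score}, skipping '#' comment lines."""
    rows = (line for line in io.StringIO(text) if not line.startswith("#"))
    return {r["cve"]: float(r["epss"]) for r in csv.DictReader(rows)}

def join_scores(records, epss):
    """Map each embedded-device CVE to its EPSS score (None if unscored)."""
    return {r["id"]: epss.get(r["id"]) for r in records if is_embedded(r)}

def share_above(scores, threshold):
    """Fraction of scored CVEs whose EPSS score is at or above threshold."""
    scored = [s for s in scores.values() if s is not None]
    return sum(s >= threshold for s in scored) / len(scored) if scored else 0.0
```

CVEs without an EPSS row are kept with a score of `None` so that missing coverage stays visible instead of silently shrinking the data set.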

