---
title: "Improved security with EPSS in Enterprise Policy Management"
description: "Cloudsmith’s Enterprise Policy Management (EPM) now supports the Exploit Prediction Scoring System (EPSS), a data-driven metric designed to estimate the probability of a software vulnerability being exploited in the wild."
canonical_url: "https://cloudsmith.com/changelog/improved-security-with-epss-in-enterprise-policy-management"
last_updated: "2025-04-01T08:09:00.000Z"
---
# Improved security with EPSS in Enterprise Policy Management

Cloudsmith’s Enterprise Policy Management (EPM) now supports the Exploit Prediction Scoring System (EPSS), a data-driven metric designed to estimate the probability of a software vulnerability being exploited in the wild.

Using Enterprise Policy Management, you can now use a package’s EPSS score to inform your package workflows, including those around package quarantine and promotion.

#### Why EPSS Matters

- **Risk Assessment**: Use EPSS scores to prioritize vulnerabilities most likely to be exploited, to strengthen your organization’s security posture and automate your response to vulnerabilities.
- **Enhanced Control**: Leverage EPSS-based policies for more granular, data-informed decisions around vulnerability management.
- **Automated Responses:** Remain protected in real time as Cloudsmith automatically re-checks and re-applies your policies when EPSS scores change.

Check out [Enterprise Policy Management](https://help.cloudsmith.io/docs/enterprise-policy-management) for more information, or [contact us](/company/contact-us) if you have any questions or feedback on this feature.
