software flaw
Machine Learning Improves Prediction of Exploited Vulnerabilities
Researchers behind a public effort to create a way of predicting the exploitation of vulnerabilities have announced a new machine-learning model that improves its prediction capabilities by 82% -- a significant boost. Organizations can access the model, which will go live on March 7, via an API to identify the highest scoring software flaws at any moment in time. The third version of the Exploit Prediction Scoring System (EPSS) uses more than 1,400 features -- such as the age of the vulnerability, whether it is remotely exploitable, and whether a specific vendor is affected -- to successfully predict which software issues will be exploited in the next 30 days. Security teams that prioritize vulnerability remediation based on the scoring system could reduce their remediation workload to an eighth of the effort by using the latest version of the Common Vulnerability Scoring System (CVSS), according to a paper on EPSS version 3 published on arXiv last week. EPSS can be used as a tool to reduce workloads on security teams, while enabling companies to remediate the vulnerabilities that represent the most risk, says Jay Jacobs, chief data scientist at Cyentia Institute and first author on the paper.
Report: A Software Flaw in Arizona Is Keeping People Behind Bars
Thousands of incarcerated people in Arizona have been kept behind bars by a software glitch, according to a report by KJZZ broadcast Monday. Anonymous whistleblowers from the Arizona Department of Corrections leaked details about the situation to the Phoenix NPR member station. Arizona has the fifth highest imprisonment rate in the country, and its incarcerated people are mostly nonviolent drug offenders. In 2019, the state Legislature passed a law aiming to change that by providing a way for nonviolent criminals to secure early release. For every seven days spent in a GED or substance abuse treatment program, an incarcerated person can shave three days off a sentence.
Thousands of fMRI brain studies in doubt due to software flaws
The discovery of major software flaws could render thousands of fMRI brain studies inaccurate. The use of fMRI is a common method for scanning the brain in neuroscience and psychology experiments. To make sense of the data produced, researchers sometimes use a technique called spatial autocorrelation to identify areas of the brain that appear to "light up" during particular tasks or experiences. But some software flaws in the popular fMRI data analysis packages SPM, FSL and AFNI meant this technique routinely produced false positives, resulting in errors 50 per cent of the time or more. Anders Eklund and Hans Knutsson at Linköping University in Sweden and Thomas Nichols at the University of Warwick, UK, calculated this by analysing brain data from a collaborative open fMRI project called 1000 Functional Connectomes.
DARPA Challenge Tests AI as Cybersecurity Defenders
Today's malicious hackers have an average of 312 days to exploit "zero-day" computer software flaws before human cybersecurity experts can find and fix those flaws. The U.S. military's main research agency focused on disruptive technologies aims to see whether artificial intelligence can do a better job of finding and fixing such exploits within a matter of seconds or minutes. This summer, seven finalist teams in the Cyber Grand Challenge held by the U.S. Defense Advanced Research Projects Agency (DARPA) will do battle with AI systems that can autonomously scan rivals' network servers for exploits and protect their own servers by actively finding and fixing software flaws. The immediate reward comes in the form of a US $2 million prize for first place, $1 million for second place, and $750,000 for third place. But in the long run, DARPA hopes the challenge results will prove autonomous AI systems have become capable enough to help humans in the never-ending struggle to protect computer software and networks.