CISA and NIST researchers are proposing a vulnerability exploitation probability metric which will help to identify the likelihood that a vulnerability has been exploited in the wild. The metric would be called Likely Exploited Vulnerabilities, or LEV, and hopes to bridge the gap between the thousands of vulnerabilities discovered each year and the small percentage that are actually exploited. This would help organizations prioritize patching. CISA currently maintains the Known Exploited Vulnerabilities (KEV) lists, which identifies vulnerabilities which have already been exploited in the wild. 

Read more: https://www.securityweek.com/vulnerability-exploitation-probability-metric-proposed-by-nist-cisa-researchers/