Update EPSS URL

[jgamblin]

Move EPSS URL From Cyentia to Empirical Security. https://epss.empiricalsecurity.com/epss_scores-current.csv.gz.
The old URL no longer works. The URL is back but it is now a redirect and should be updated.

[terriko]

They're both working for me right now. Is there an announcement somewhere about the change or is this an attempt to get us to do something sketchy? My apologies for being so suspicious if this wasn't a social engineering attempt, but we've been getting some really weird pull requests.

[jgamblin]

hi @terriko,

I completely understand it sounds sketchy, but it is a real change. The URL was down for about a day or so but Cyentia turned back on the redirect for now.

All of the links on first.org have been updated to Empirical Security.
https://www.first.org/epss/data_stats

@jayjacobs is from Empirical and can also verify if needed.

[stvml]

~$ curl -I https://epss.cyentia.com/epss_scores-current.csv.gz
HTTP/1.1 200 Connection established
Proxy-Agent: Fortinet-Proxy/1.0

HTTP/2 301
content-length: 0
location: https://epss.empiricalsecurity.com/epss_scores-current.csv.gz
date: Wed, 07 May 2025 23:14:08 GMT
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 9f4bc08bf8fe4d53ba73713387d5ab3e.cloudfront.net (CloudFront)
x-amz-cf-pop: HIO50-C2
x-amz-cf-id: EJfEBnEGaFM5vC5QSW4i69Fr41eOdymE8F8kh6u5KFP9xUCcP8Rcuw==
age: 57

Confirmed the old URL is a 301 to the new URL. I'll go ahead and fire the CI.