Predicting Exploitability of Software Vulnerabilities and Recommending Alternate Software Packages

Identifying and evaluating exploitability of software vulnerabilities is provided. A vulnerability identified and a level of exploitability of the vulnerability corresponding to a software package is evaluated prior to installation of the software package on a data processing system based on data collected from a plurality of software vulnerability data sources. Related alternative software packages corresponding to the software package to be installed on the data processing system are identified based on a comparative analysis between alternative software packages and the software package. A confidence level is determined for each respective related alternative software package for resolving the level of exploitability. The related alternative software packages are ranked from least to most vulnerable based on a calculated exploitability score corresponding to each respective related alternative software package. Insights are generated based on determined confidence levels and rankings corresponding to calculated exploitability scores of the related alternative software packages.