Risk scores are calculated daily based on the following factors to provide a comprehensive analysis of your account.
Vulnerability severity
We rate detected vulnerabilities using a 1-5 severity level scale. Risk points are assigned for each severity level as follows:
Severity 5, +600 risk points
An attacker can take full control.
Severity 4, +300 risk points
An attacker can access critical data.
Severity 3, +100 risk points
An attacker can access sensitive data.
Severity 2, +25 risk points
An attacker can access configuration data.
Severity 1, +10 risk points
An attacker can access unnecessary data.
Open ports
An attack is more likely to happen when your perimeter has more open ports than the average organization. We add 25 risk points per open port.
Vulnerability days
The longer a vulnerability exists, the more likely it is to be exploited. When a target has any active vulnerabilities, we add 1 additional risk point each day until resolved.
Last scan days
Scanning frequently enables you to stay ahead of new issues. The longer you go without scanning, the higher the likelihood of an issue not being accounted for. We add 2 additional risk points for each day since your last scan.
Asset Risks
Certain assets that present a high or medium risk will add points to your risk score as follows.
| High Risk | Medium Risk | |
| Firewall port | 600 | 300 |
| Website certificate | 600 | 300 |
| Website script | 600 | 300 |
| Website cookie | 600 | 10 |
| Website header | 600 | 150 |
| Website form | 600 | 300 |
| Website link | 600 | 10 |
Use the risk score calculator in your account to get a better understanding of potential risk and how that might impact you. Input custom values into the calculator to explore different risk situations and quickly see the expected risk score projection.