Platform

Risk scoring philosophy

Platform scoring is designed to reflect operational cyber risk movement, not static severity labels in isolation. The model combines technical severity with recurrence, exposure, and verification context.

For: risk committees, board reporting teams, and security operators who need explainable, defensible prioritization.

Last updated: 28 April 2026

Beyond CVSS

CVSS remains a useful input, but not a complete risk model. The platform treats CVSS as one signal among multiple contextual factors that influence real exposure and remediation urgency.

Recurrence and exposure weighting

Recurring vulnerabilities indicate persistent control weakness and can increase risk weighting. Exposure context further adjusts urgency based on reachable attack surface, privilege boundary impact, and operational criticality.

Verification and confidence

Claimed remediation and independently verified remediation are not treated as equivalent confidence states. Verification updates scoring confidence and helps avoid optimistic posture distortion.

Temporal posture movement

Posture movement is tracked over time so stakeholders can see whether risk is genuinely improving or simply cycling between discovery and partial closure. Trends are designed for governance, not one-off snapshots.

Board and operator views

Scoring outputs are presented in formats suitable for both executive governance and technical operations, allowing boards and engineering teams to work from the same evidence while focusing on different decisions.

This shared model reduces reporting friction between leadership and engineering by linking strategic posture movement directly to evidence-backed vulnerability lifecycle outcomes.

Related documentation

Was this page helpful?

Trust and legal

Trust and legal baselinePrivacy notice (POPIA)PAIA ManualCookie and tracking noticeWebsite termsSecurity testing authorizationPlatform termsResponsible disclosure