How we calculate scores?

The current version of vulnerability scores assigned to apps, teams, or individuals are CVSS Severity V3 scores. We simply add all scores in a period of time together to form a final score.

As new vulnerabilities are analyzed by NIST NVD, it assigns a CVSS Score using the Common Vulnerability Scoring System. NIST NVD then makes the analysis results publicly available in a machine readable form.

Rankings are based on monthly scores.

Monthly, quarterly, and yearly scores are calculated from the most recent NVD analyzed data feed.

Which vulnerabilities are scored?

Currently, following vendors are supported:

We cross-reference multiple data sources to determine vulnerability finders.

All scored vulnerabilities can be found on the app / team / individual pages.