The current version of vulnerability scores assigned to apps, teams, or individuals are CVSS Severity V3 scores. We simply add all scores in a period of time together to form a final score.
As new vulnerabilities are analyzed by NIST NVD, it assigns a CVSS Score using the Common Vulnerability Scoring System. NIST NVD then makes the analysis results publicly available in a machine readable form.
Rankings are based on monthly scores.
Monthly, quarterly, and yearly scores are calculated from the most recent NVD analyzed data feed.
Currently, following vendors are supported:
We cross-reference multiple data sources to determine vulnerability finders.
All scored vulnerabilities can be found on the app / team / individual pages.