Understanding the Advanced Rating Methodology
In the Advanced Rating Methodology, sites and applications are evaluated in the same way: the rating is based on Risk. Risk includes the following factors:
- Likelihood: How likely is it that a vulnerability will be exploited? This may be based on how widespread knowledge of the vulnerability is, how easy it is to exploit, etc.
- Impact: How much damage may be done to your business if a vulnerability is exploited, as determined by the Threat Research Center.
- Priority (Sites only): How important this asset is to your business. Setting a Priority for a site is optional; if no Priority is set, Priority will not be considered in the Risk calculations.
Risk is measured by combining the Likelihood and the Net Impact (based on Impact and Priority, if any) associated with this vulnerability on this asset, using the Risk Level Determination Table below.
In the Advanced Rating Methodology, all vulnerabilities are rated according to the Risk associated with the vulnerability for that asset (site or application). This will be reflected in the findings pages, in the dashboard, and in your reports.
All customers who contracted with Continuous Dynamic on or after July 3, 2014 were, by default, set to use the Advanced Rating Methodology. To change your rating methodology, please see Changing Your Rating Methodology.