The vRx risk calculation combines two main parameters:
1. Unique exploitation factors of software execution on an asset, which vRx reflects as xTags. For more information, please refer to What are xTags?
2. Threat factors, which can be calculated either from the CVEs found for the software or from the binary Exposed APIs that vRx found for that software. For more information, please refer to What is a CVE? and What are Exposed APIs?
The general risk score is the multiplication of each threat factor by any xTag factor.
For example:
(CVE*0.1) + (Exposed API*04) * xTag1*1.2 * xTag2*1.3....
The Severity is determined by the equation output:
| Score | Severity |
| --- | --- |
| 0.0-3.9 | Low |
| 4.0-6.9 | Medium |
| 7.0-10.0 + | High |