How Is Risk Calculated?

The vRx risk calculation combines two main parameters:

1. Unique exploitation factors of software execution on an asset, which are reflected in vRx by xTags. For more information, please refer to What are xTags?

2. Threat factors, which can be calculated either from the CVEs found for a software or from the binary Exposed APIs that vRx found for that software. For more information, please refer to What is a CVE? and What are Exposed APIs?

The general risk score is the multiplication of each threat factor by any xTag factor.

For example:

(CVE*0.1) + (Exposed API*04) * xTag1*1.2 * xTag2*1.3....

The Severity is determined by the equation output:

Score        Severity
0.0-3.9      Low
4.0-6.9      Medium
7.0-10.0 +   High