The Vicarius definition for risk combines two important parameters;
1. Unique exploitation factors of software execution on an asset - We represent it TOPIA with xTags, or exploitation tags. For more info read - What are xTags?
The App risk score is a multiplication of each threat factor with any xTag factor:
App risk = Threat factors X Unique exploitation factors
App risk = (CVSS Score * Weight + Exposed API *Weight) * xTag1 * xTag2