What makes an App risk score?

The Vicarius definition for risk combines two important parameters;

1. Unique exploitation factors of software execution on an asset - We represent it TOPIA with xTags, or exploitation tags. For more info read - What are xTags?

2. Threat factors - Can be either CVEs we found for software or binary Exposed APIs we found for a given software. For more info read - What is a CVE? and What is What is Exposed APIs?

The App risk score is a multiplication of each threat factor with any xTag factor:

App risk = Threat factors X Unique exploitation factors

For example:

App risk = (CVSS Score * Weight + Exposed API *Weight) * xTag1 * xTag2