The Vicarius definition for risk combines two important parameters;
1. Unique exploitation factors of software execution on an asset - We represent it TOPIA with xTags, or exploitation tags. For more info read - What are xTags?
The asset risk score is a multiplication of each threat factor with any xTag factor -
(CVE*0.1) + (Exposed API*0.4) * xTag1*1.2 * xTag2*1.3....