What makes an Asset risk score?

The Vicarius definition for risk combines two important parameters;

1. Unique exploitation factors of software execution on an asset - We represent it TOPIA with xTags, or exploitation tags. For more info read - What are xTags?

2. Threat factors - Can be either CVEs we found for software or binary Exposed APIs we found for a given software. For more info read - What is a CVE? and What is What is Exposed APIs?

The asset risk score is a multiplication of each threat factor with any xTag factor - 

For example:

(CVE*0.1) + (Exposed API*0.4) * xTag1*1.2 * xTag2*1.3....