Back to home

How we calculate this

This page explains how exploitability, priority and posture are computed in the current pilot version.

Exploitability status

Exploitability status reflects confirmed technical reachability, not theoretical risk.

90+

Exploit confirmed

We have a clear and reproducible path from internet to impact.

70+

Actively exploitable

Exploit possible with moderate effort or chaining.

<70

Reachable & exploitable

Reachable conditions exist but require more specific context.

Priority

Priority is derived from severity and exploitability. It is not a raw CVSS score.

Critical-- severe impact + exploit confirmed today.
High-- high impact or actively exploitable path.
Medium / Low-- kept for context but can be hidden to reduce noise.

Posture scope

The posture view intentionally excludes some decisions to focus on what is still at risk.

--

FIXED decisions are not counted in posture.

--

OPEN, IN_PROGRESS, ACCEPTED are included to show the active and accepted risk surface.

This scope is also returned by the /posture API for full transparency.