How we calculate this
This page explains how exploitability, priority and posture are computed in the current pilot version.
Exploitability status
Exploitability status reflects confirmed technical reachability, not theoretical risk.
Exploit confirmed
We have a clear and reproducible path from internet to impact.
Actively exploitable
Exploit possible with moderate effort or chaining.
Reachable & exploitable
Reachable conditions exist but require more specific context.
Priority
Priority is derived from severity and exploitability. It is not a raw CVSS score.
Posture scope
The posture view intentionally excludes some decisions to focus on what is still at risk.
FIXED decisions are not counted in posture.
OPEN, IN_PROGRESS, ACCEPTED are included to show the active and accepted risk surface.
This scope is also returned by the /posture API for full transparency.