- August 17, 2023: Replaced grading details with links to risk vector overviews containing all details. Separated finding behavior to its own page.
- July 21, 2023: Added Web Application Security risk vector.
- April 20, 2023: 2023 Ratings Algorithm Update.
Each risk vector in the Diligence risk category is evaluated based on the severity, impact, and lifetime of findings, and is then normalized to account for company size.
Weight
The Diligence risk category accounts for 70.5% of a company’s Bitsight Security Rating. Every Diligence risk vector counts toward this total Diligence weight. Percentages are expressed out of the full 100% of the rating.
Finding Grades & Risk Vector Grades
Diligence findings are graded as GOOD, FAIR, WARN, BAD, or NEUTRAL based on industry-standard criteria. An overall letter grade is calculated for the risk vector using the individual finding grades.
Example: If a company has 3 domains and each of them has an effective SPF record, their overall SPF Domains grade would be an “A.” Likewise, if all 3 domains have improperly formatted SPF records, their overall SPF Domains grade would be an “F.”