⇤ How is the Diligence Risk Category Calculated?
The Insecure Systems risk vector assessment is based on the supported/unsupported status and the level of risk that has been introduced to an organization.
Concept | Behavior |
---|---|
A default risk vector grade is assigned. |
The rating is positively impacted if there are no findings for this risk vector. |
The number of days a finding impacts the risk vector grade, assuming nothing changes in the future and the finding is not updated with new information. Learn why findings have a decay and lifetime period. |
Duration: 60 Days |
Percentage (out of 70.5% in Diligence): 2.5% |
Evaluation
Insecure Systems findings are evaluated as WARN, BAD, or NEUTRAL. An overall letter grade is calculated, using the evaluations of individual findings. See finding messages:
- March 25, 2024: “No findings/low findings” changed to “insufficient data.”
- December 12, 2023: Linked to no findings definition.
- December 4, 2023: Finding lifetime definition link changed to Finding Lifetime section.
Feedback
0 comments
Please sign in to leave a comment.