Hello.
Can any body explain to me please - as simple as possible - how the calculation is done?
RISK = 60. Why?
EPPS score:
Modified Severity:
I have default risk calculator:
Please advise.
BR
Dom
Hello @Don Dom,
This risk score is calculated based on the weights you define in the calculator. According to your screenshot, the calculation currently considers only two parameters: Vulnerability Severity (80% weight) and Vulnerability Exploit Exists (20% weight). To see how this weighting affects your Risk Score and Risk Rating, please refer to the scenario in the "Risk Score Criteria" section. If you want to include other parameters, such as the EPSS Score, you will need to adjust the weights accordingly.
The final risk score is calculated using the following formula: (Vulnerability Severity Score * 0.80) + (Vulnerability Exploit Exists Score * 0.20)
The resulting output is detailed as follows
| Vulnerability Severity | Exploit Exists | Calculation | Final Risk Score |
| Critical | Yes | (100 * 0.80) + (100 * 0.20) | 100 |
| Critical | No | (100 * 0.80) + (0 * 0.20) | 80 |
| High | Yes | (75 * 0.80) + (100 * 0.20) | 80 |
| High | No | (75 * 0.80) + (0 * 0.20) | 60 |
| Medium | Yes | (50 * 0.80) + (100 * 0.20) | 60 |
| Medium | No | (50 * 0.80) + (0 * 0.20) | 40 |
| Low | Yes | (25 * 0.80) + (100 * 0.20) | 40 |
| Low | No | (25 * 0.80) + (0 * 0.20) | 20 |
| None | Yes | (0 * 0.80) + (100 * 0.20) | 20 |
| None | No | (0 * 0.80) + (0 * 0.20) | 0 |
Read the below documents carefully.
1) Risk score calculation example for Vulnerability Response
2) Vulnerability Response calculators and vulnerability calculator rules
Regards,
----
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.
