support.securityscorecard.com Open in urlscan Pro
104.16.51.111  Public Scan

Form analysis
1 forms found in the DOM

GET /hc/en-us/search

<form role="search" class="search" data-search="" action="/hc/en-us/search" accept-charset="UTF-8" method="get"><input name="utf8" type="hidden" value="✓" autocomplete="off"><input type="hidden" name="category" id="category" value="360005311772"
    autocomplete="off">
  <input type="search" name="query" id="query" placeholder="Search" aria-label="Search">
</form>

Text Content

Skip to main content
Help Center
Community Submit a request

Log in for Community posts, scoring updates, and more!

 1. Help Center
 2. Ratings
 3. Scoring Updates


Articles in this section
 * Prepare for Scoring 3.0
 * A Closer Look at Scoring 3.0 Vocabulary and Breach Likelihood
 * Recommended actions to improve your Scoring 3.0 score
 * Evidence-based score gain
 * Scoring Recalibration FAQ
 * Prepare for a scoring recalibration
 * Score update banner information disappeared or does not display
 * Why are there unexpected Score changes in a Scorecard?
 * Public Scorecard Badge has outdated score compared to platform score
 * What is the delay in reporting on a data breach?


PREPARE FOR A SCORING RECALIBRATION

Mark Glinski
 * 7 months ago
 * Updated

FollowNot yet followed by anyone


IN THIS ARTICLE:

 * What is a recalibration and why is it important?
 * How we recalibrate scoring
 * How Scorecards and Portfolios are affected by recalibration
 * Take steps to prepare for a recalibration
 * FAQ
 * Get help



SecurityScorecard continually makes improvements and critical changes that
affect how your Scorecard is scored, including scoring recalibrations every
three months. Use this article to prepare for recalibrations, so that you can
maintain the highest score and best security posture possible.

> Tip: In addition to recalibrations, we also make other changes, such adding or
> removing domains to your Digital Footprint or improving our attribution
> process. See all of our scoring-related updates.


WHAT IS A RECALIBRATION AND WHY IS IT IMPORTANT?

We recalibrate the baselines that we use to calculate our scores. These
recalibrations reflect changes to organizations, the cybersecurity landscape,
and the internet.

> Note: As of August, 2023, we recalibrate our Scores every three months.

By keeping the calibration up to date, we prevent scores from becoming less
accurate over time as the number of findings on the internet moves away from the
historical baseline.

Additionally, scoring updates allow us to add new issue types, retire old ones,
and re-weigh the severity of issues to make scores more predictive of negative
outcomes, such as breaches and malware attacks. We cannot add new issue types
without understanding the baseline to score against, which we get from
recalibration.

Factor scores are based on issue severity levels, or weights, which we also
recalibrate. Each issue contributes some expectation value to the factor score.
If we deprecate an issue type, we need to recalibrate the factor without it.


HOW WE RECALIBRATE SCORING

We base the score on the average number of findings for an organization against
their Digital Footprint size. We recalibrate to make sure that the average
number of findings of issues and factors is up to date.

We update the scoring calibration using two months worth of data. We believe
this minimizes the expected score impact and allows for frequent improvements to
the platform. 

In our current Scoring methodology, a Scorecard’s overall score is calculated as
the weighted average of the factor scores.

Note: In Scoring 3.0, a methodology that we are previewing and will fully apply
in 2024, a Scorecard's overall score will directly reflect the severity levels
and score impact of issue types. Learn more about Scoring 3.0.

As we add or remove issues and information with recalibration, certain factor
scores may change while others stay the same. Changes in an organization's
factor-level score cause to a change in their overall score.

Learn more about how we calculate scores.


HOW SCORECARDS AND PORTFOLIOS ARE AFFECTED BY RECALIBRATION

When there are no changes to issues and severity levels, we expect the score
changes to be less significant than when we add in new issues or re-weight the
severity of issues.

Since scoring updates affect all Scorecards in the platform, you will see score
changes within their Portfolios. These changes may also be reflected in reports,
analytics, and other platform features.


TAKE STEPS TO PREPARE FOR A RECALIBRATION

Use the scoring recalibration reports in the SecurityScorecard platform to help
you anticipate, and prepare for, an update.


STEP 1: WATCH FOR UPDATE ANNOUNCEMENTS, AND DOWNLOAD RECALIBRATION REPORTS

If a scheduled scoring update will affect your Scorecard, you will see alerts in
the platform ahead of time, so that you can prepare for them and possibly
prevent any projected negative impact:

 * A banner appears when you log into your SecurityScorecard account. Click
   Download reports in the banner.
   
   
   
   > Note: The displayed score impact reflects how the recalibration change
   > impacts your score on the day it was computed. Since we run scores daily,
   > the impact may change with new data.

 * On your Scorecard, a wrench icon that represents a scoring update
   recalibration appears under your score. Mouse over the icon to see more
   information...
   
   
   
   ....Click Download reports....
   
   

Select a report to download the .csv file, and then open it in a spreadsheet
application.



> Tip: For reference and to track changes, you can see past scoring updates on
> your Scorecard's History age and issue-level event log.


STEP 3: REVIEW THE REPORTS

During the window preceding the recalibration, we generate these three reports
on a daily basis to show the difference in scores and findings between the
current calibration and the new one we will apply on the announced date.

You may find it helpful to view the reports in the following order:

 1. Start with the Score Difference report for a broad understanding of how your
    factor scores and overall Scorecard score will change as of the
    recalibration. Note which factor scores are particularly impactful.
 2. Then look at the Score Impact Changes report to see how relevant issue types
    within each factor will impact scores.
 3. Finally, look at the New Findings report to get details about specific issue
    findings. 

The reports are in .csv format, and you can open them in a spreadsheet
application.

SCORE DIFFERENCES REPORT

This report shows how your overall and factor scores will change as of the
recalibration date because of new findings relevant to the recalibration.



See the following table for column explanations:

Column heading Explanation date

The date that relevant findings were associated with the Scorecard database, to
be applied to the Scorecard as of the recalculation date

> Note: This is not the date of the report itself, the date of the scan, or the
> date that the finding was observed.

parent_domain The Scorecard's registered domain, where these changes will occur
factor_name The name of the score factor

current_factor_score

The factor score prior to the recalibration new_factor_score The factor score as
of the recalibration factor_diff The numeric difference in the issue type's
factor score impact before and after recalibration

current_total_score

The overall Scorecard score prior to the recalibration new_total_score The
overall Scorecard score as of the recalibration total_diff The numeric
difference between the overall Scorecard scores before and after recalibration


SCORE IMPACT CHANGES REPORT

THIS REPORT SHOWS THE HOW ISSUE FINDINGS AFFECTED BY THE RECALIBRATION WILL
IMPACT FACTOR SCORES AND THE OVERALL SCORECARD SCORE AS OF THE RECALIBRATION
DATE.



See the following table for column explanations:

Column heading Explanation date

The date that relevant findings were associated with the Scorecard database, to
be applied to the Scorecard as of the recalculation date

> Note: This is not the date of the report itself, the date of the scan, or the
> date that the finding was observed.

parent_domain The Scorecard's registered domain, where these changes will occur
factor_name The name of the score factor measurement_name The issue type that
will have an impact on the score change as of recalibration

current_factor_impact

The issue type's factor score impact prior to the recalibration
new_factor_impact The issue type's factor score impact as of to the
recalibration factor_impact_diff The numeric difference in the issue type's
factor score impact before and after recalibration

current_total_impact

The issue type's overall Scorecard score impact prior to the recalibration
new_total_impact The issue type's overall Scorecard score impact as of the
recalibration total_impact_diff The numeric difference in the issue type's
overall Scorecard score impact before and after recalibration

 

NEW FINDINGS REPORT

This report shows you new issue findings that are projected to appear on your
Scorecard, and those that will disappear, as of the recalibration date. 


> Note: Be aware of the following when viewing this report:
>  * The findings that appear in the report may change at any time preceding the
>    recalibration date. For example, if you view the report on two different
>    days, some findings that appear the first day you see the report may no
>    longer appear the next day you see it.
>  * This also means that any of the new findings you see in the report may not
>    appear on your Scorecard on the day of the recalibration.
>  * A recalibration may affect existing issue types as well as introduce new
>    issue types. This means that you may see findings for existing issue types
>    in the report.

See the following table for column explanations:

Column heading Explanation date

The date a finding was associated with the Scorecard database, to be applied to
the Scorecard as of the recalculation date

> Note: This is not the date of the report itself, the date of the scan, or the
> date that the finding was observed.

parent_domain The Scorecard's registered domain, where the finding occurred
measurement_type The issue type that the finding belongs to change Whether a new
finding was added to the Scorecard (measurement_arriving),
or removed because of decay (measurement_departing) measurement_id The unique
identifier for the specific issue finding on the given IP address and port
number

first_seen

The first date we observed the finding last_seen The most recent date we
observed the finding dst_ip The IP address on which the finding occurred
dst_port The port number on the IP where the finding occurred observation_tls
Dynamically appears when the report includes findings for the issue type SSL/TLS
Service Supports Weak Protocol; the data we gathered that supports the finding
protocol The protocol running on the port target Dynamically appears when the
report includes findings for the issue type SSL/TLS Service Supports Weak
Protocol; the URL or IP address where we observed the finding
vulnerability_description The description of the vulnerability as it appears in
the National Vulnerability Database vulnerability_id The common vulnerability
enumeration (CVE) identifier as it appears in the National Vulnerability
Database vulnerability_publish_date The date that the vulnerability was
published in the National Vulnerability Database

 


FAQ


WHY DOES IT TAKE TWO TO FOUR DAYS, OR EVEN MORE, FOR MY SCORE TO REFLECT A
CHANGE?

Our batch processing method typically takes two to four days: one day to collect
the data and one day to process it. The process can last longer when unexpected
variables occur. When collecting data we sometimes detect errors in the data; we
then reprocess the data to ensure accuracy. Other reasons for delayed updates to
your score may be errors in our scoring pipeline.


HOW CAN I STAY AHEAD OF POSSIBLE SCORING CHANGES TO KEEP MY SCORE HIGH OR
STABLE? SPECIFICALLY, HOW CAN I GET TO HIGH-PRIORITY FIXES QUICKLY, GIVEN THAT
ANY CHANGE TAKES TWO TO FOUR DAYS TO AFFECT MY SCORE?

To give you as much time as possible to correct and remediate problems – and
thereby keep your scores high – our platform alerts you several weeks before any
scoring changes take place. In addition, we highlight any recent changes that
may affect your score in our scoring update release notes. There we explain what
changes are significant, and how you can resolve these issues in the platform
prior to the scoring update deadline.


HOW DO YOU SHOW ME WHAT CHANGED, SO I CAN START RESOLVING ISSUE FINDINGS
QUICKER?

We make your score more actionable with our issue-level event log, which shows
new and removed findings each day. This insight helps you implement your
remediation process faster.


GET HELP

If you have any questions or comments, contact your Customer Success manager, or
submit a Support request.

 

Was this article helpful?
Yes No
2 out of 4 found this helpful
Have more questions? Submit a request
Return to top


RELATED ARTICLES

 * Scoring update release notes for 2024
 * Address issue findings in your Scorecard
 * Prepare for Scoring 3.0
 * Manage and validate your Digital Footprint
 * How SecurityScorecard scans and attributes cloud IPs

Help Center