How does Edgescan determine Risk?
Risk in Edgescan is determined by CVSS.
Version Number: v1.0.0
Published Date: 17 March 2026
Risk in the Edgescan Platform
Edgescan assigns a risk severity to each finding, which is based on CVSS 3.x (see below).
|
CVSS v3.x Ratings |
|
|
Severity |
Base Score Range |
|
Informational |
0.0 |
|
Low |
0.1 - 3.9 |
|
Medium |
4.0 - 6.9 |
|
High |
7.0 – 8.9 |
|
Critical |
9.0 – 10.0 |
Adjusting Risk Scores
In some cases, risk may not fully reflect the context of a vulnerability. For example, where a compensating control might be in place or an asset might have increased business criticality. Edgescan users with appropriate permissions can risk-edit vulnerabilities individually or in bulk by providing a rationale for each decision, resulting in a risk score customized to your organization.