Platform · Risk Intelligence

Fix what matters first. Priority Scoring & CybeRisk.

Severity alone never told you what to fix. CybeDefend scores every finding and ranks every project by real, exploitable risk, so your team spends its time where it counts.

Book a demo
Priority Scoring

One score per finding, zero guesswork.

A transparent 0 to 100 number that blends four honest signals, so a low-severity bug on an exposed, actively-exploited path outranks a critical one buried in dead code.

CVSS 4.0 environmental score, EPSS exploitation probability, exploitability and business context, weighted into a single number.

Vulnerability priority score from four signalsEach finding gets a 0 to 100 priority score blending CVSS 4.0 environmental score, EPSS, exploitability and business context.87PRIORITYCRITICAL URGENTCVSS 4.0weight 35%35%EPSSweight 25%25%Exploitabilityweight 25%25%Business contextweight 15%15%
Priority levels
80+Critical urgent
60+Urgent
40+Normal
20+Low
< 20Very low
Exploitability

The signal that kills false positives.

Every finding gets a verdict on whether it is realistically reachable, from static analysis, AI review or a manual call. That is what stops your team drowning in noise.

not_exploitable

False positive or unreachable. De-prioritized.

theoretical

Possible, not yet confirmed reachable.

proven

Confirmed exploitable in your real data flow.

actively_exploited

Known exploitation in the wild. Drop everything.

Projects ranked by CybeRisk scoreThe CybeRisk score aggregates every active finding into one number per project so the whole portfolio can be ranked by real risk.Portfolio, ranked by CybeRisk scorepayments-api142Criticalcheckout-web88Criticalauth-service54Highadmin-portal31Mediumdocs-site12LowUnbounded scale. The worst offenders stand out.
CybeRisk Score

Which project deserves attention first.

Priority scoring tells you what to fix inside a project. The CybeRisk score answers a bigger question across your whole portfolio: which of your hundred projects to look at first. One number per project, summed from every active finding.

CVSS-weighted and unbounded, so a genuinely risky project scores in the hundreds and the worst offenders stand out.

CVSS 4.0

The severity vector, tuned to your context.

Both scores start from CVSS 4.0. The same CVE scores higher on an internet-facing, mission-critical service than on an isolated internal tool.

Base score

The intrinsic severity of the vulnerability, stored for full auditability.

Environmental score

Reshaped by your Security Context, and recomputed automatically when it changes.

Reshaped by your context
Internet exposureNetwork segmentationData classificationBusiness criticality
FAQ

Scoring & prioritization, in short

What is the difference between the priority score and the CybeRisk score?

The priority score ranks individual findings inside a project so you know what to fix first. The CybeRisk score ranks whole projects across your portfolio so you know which project to look at first. One is finding-level, the other project-level.

How is the priority score calculated?

It blends four normalized signals: CVSS 4.0 environmental score, EPSS exploitation probability, exploitability and business context. The weighted result is a transparent 0 to 100, and every finding can be decomposed into its exact contributions.

What does exploitability mean here?

It is a verdict on whether a finding is realistically reachable, from not_exploitable to actively_exploited, sourced from static analysis, AI assessment or a manual override. It is the single biggest driver of false-positive suppression.

Why is the CybeRisk score not capped at 100?

Because it sums point contributions from every active finding rather than a percentage. A project with many critical vulnerabilities can legitimately score in the hundreds, which keeps the worst offenders clearly separated.

Can I override a priority manually?

Yes. Authorized users can pin a priority, which freezes recalculation until it is cleared. Overridden findings are flagged so it is always clear a human set the score.

Talk to us
Live · just shipped

Install VibeDefend in 5 seconds.

One command wires every coding agent on your machine to CybeDefend: your business rules, your compliance frameworks, and guards that block destructive calls before they fire.

Install in 5 secondsNode 18.17+
npx -y @cybedefend/vibedefend@latest install
Auto-detects
  • Claude CodeClaude Code
  • CursorCursor
  • OpenAI CodexOpenAI Codex
  • WindsurfWindsurf
  • GitHub CopilotVS Code Copilot
Read the README on npm