Tripwire Vulnerability Scoring System

Measuring and managing the security risk associated with information and information technology remains one of the most challenging and elusive problems faced by an organization. The challenge of how to measure, and therefore how to manage, risk is top-of-mind for information security professionals. Unfortunately, most of the tools for vulnerability and risk management that exist today do not provide a suitable metric and therefore do not improve an organization’s ability to manage risk.

Tripwire has developed an objective scoring formula which has been utilized as a vulnerability scoring metric by a number of large organizations that have adopted Tripwire® IP360™ as a vulnerability and risk management standard. The Tripwire IP360 score provides a viable and tested model of risk assessment, and over the years, the score has remained the most relevant, usable, and functional risk metric in the industry. 

This paper explains in detail the thought behind the metric, as well as the actual formula used for calculating vulnerability scores.