API Risk Scoring

Created:
October 7, 2024
Updated:
October 18, 2024

FireTail's API Risk Scoring system evaluates and categorizes APIs based on their open findings. The severity of those findings (critical, high, medium, and low) determines the risk score.

How Risk Scores Are Banded

The risk score is divided into bands determined by the severity of the open findings associated with the API:

  • Critical: 80-100
  • High: 60-80
  • Medium: 40-60
  • Low: Below 40

Each severity level influences the score differently, and the number of open findings also plays a role in determining the score. A logarithmic scale is used to ensure that findings of higher severity have a larger impact on the overall risk score than any number of lower-severity findings.

Score Breakdown

  • Critical Findings:
    If there is at least one critical finding, the risk score will be set between 80-100.
  • High Findings:
    If no critical findings exist, the system evaluates high findings. Any high findings result in a score between 60 and 80.
  • Medium Findings:
    If neither critical nor high findings are present, the system checks for medium findings, with the score falling between 40 and 60.
  • Low Findings:
    If only low-severity findings exist, the risk score will be below 40.
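As an added worked example (not FireTail's own code), the banding rule above in Python: the most severe open finding fixes the band, and the count of findings at that severity moves the score up within the band on a logarithmic curve. The exact in-band formula, the `saturation` parameter, and the choice to let only the dominant severity's count move the score are assumptions, since the page does not state them.

```python
import math

# Severity bands as documented on the page (lower bound, upper bound).
# The low band is capped at 39 so its scores stay strictly below 40.
BANDS = {
    "critical": (80, 100),
    "high": (60, 80),
    "medium": (40, 60),
    "low": (0, 39),
}
# Evaluation order: the first severity with an open finding wins.
SEVERITY_ORDER = ["critical", "high", "medium", "low"]


def risk_score(findings, saturation=20):
    """Return (band, score) for a list of open-finding severities.

    The band is chosen by the most severe open finding. Within the band,
    the score rises with log(1 + n) for n findings at that severity and
    reaches the top of the band once n >= saturation. This in-band
    placement is an assumed illustration, not FireTail's published formula.
    """
    counts = {sev: 0 for sev in SEVERITY_ORDER}
    for finding in findings:
        sev = finding.strip().lower()
        if sev not in counts:
            raise ValueError(f"unknown severity: {finding!r}")
        counts[sev] += 1

    if not findings:
        return ("none", 0.0)  # no open findings: nothing to score

    for sev in SEVERITY_ORDER:
        n = counts[sev]
        if n:
            lo, hi = BANDS[sev]
            # Logarithmic fill of the band, saturating at `saturation` findings.
            frac = min(1.0, math.log1p(n) / math.log1p(saturation))
            return (sev, round(lo + (hi - lo) * frac, 1))


if __name__ == "__main__":
    # Constructed sample: one critical finding outranks any number of highs.
    print(risk_score(["critical", "high", "high", "high"]))
    print(risk_score(["medium"] * 5), risk_score(["low"] * 500))
```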