We are planning to make a minor change to our scoring algorithm in the middle of August 2021. We have invested in our industry-leading security ratings technology since 2017 and we continue to dedicate enormous resources to improving the accuracy of our algorithms.
For background, the only previous change we made to our scoring algorithm was in Q4 2020. The driver for the change was to weigh lower scoring domains and IPs more heavily when calculating an organization’s overall security rating. This change ensured that poorly performing domains or IPs were not averaged out by otherwise good security across the organization’s assets.
At the same time, we wanted to ensure that one or a few poorly performing domains or IPs wouldn’t drag down an organization’s security rating unfoundedly. The approach we took was to reduce the weight of scores lower than the 1st percentile.
A side effect of this compromise was that in some rare situations, a risk could be remediated and the organization’s score would actually drop (because the improved score was now above the 1% threshold and therefore included in the calculation of their overall rating).
After careful consideration we have decided to make a change to fix this issue.
The new algorithm fixes this issue while minimising the overall impact on your and your vendors’ security ratings. The change will be more minor than the change you may have experienced in Q4 2020. In fact, many of you will see your security rating improve.
If you have any questions or concerns, please let us know.