How the Space Risk Score Is Calculated
The Space Risk Score is a single 0-100 metric that summarizes the security risk for a space. Higher means more risk; 0 means no risk. It's the score that the Risk Reduction value of each Top Action directly improves.
Use it as a high-level benchmark to track your security posture over time.
The formula
The Space Risk Score is the average risk score across every finding in the space:
Space Risk Score = (sum of all finding risk scores) ÷ (total number of findings)
Where:
- Finding risk score is the 0-100 score Mondoo assigns each finding. See How Mondoo Scores and Prioritizes Findings.
- Sum and total number cover every finding on every asset in the space.
How exceptions are handled
| Exception type | Effect on the score |
|---|---|
| Risk Accepted, False Positive, Workaround | Finding contributes 0 to the sum. |
| Disable | Finding is excluded from both the sum and the count. |
Example
A space has 3 findings:
| Finding | Risk score | Notes |
|---|---|---|
| A (critical CVE) | 95 | |
| B (high check failure) | 80 | |
| C (medium CVE) | 0 | Risk Accepted exception |
Calculation:
- Sum: 95 + 80 + 0 = 175
- Space Risk Score: 175 ÷ 3 = 58.33
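The formula and the exception rules above, as an added example that is not Mondoo's code. The `Finding` class, the `space_risk_score` function, and the underlying score of 55 for finding C are assumptions made for illustration, as is returning 0 when no findings remain to count. It reproduces the worked example and then shows how the same finding changes the score depending on which exception type is applied.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# Exception types from the table above.
ZEROED = {"Risk Accepted", "False Positive", "Workaround"}  # counted, contributes 0
EXCLUDED = {"Disable"}                                      # left out of sum and count


@dataclass
class Finding:  # hypothetical record, not a Mondoo type
    name: str
    risk_score: float                # the finding's own 0-100 risk score
    exception: Optional[str] = None  # one of the types above, or None


def space_risk_score(findings: Iterable[Finding]) -> float:
    """Average finding risk score across the space, honoring exceptions."""
    total, count = 0.0, 0
    for f in findings:
        if not 0 <= f.risk_score <= 100:
            raise ValueError(f"{f.name}: risk score must be within 0-100")
        if f.exception in EXCLUDED:
            continue  # Disable: removed from numerator and denominator
        if f.exception is not None and f.exception not in ZEROED:
            raise ValueError(f"{f.name}: unknown exception {f.exception!r}")
        count += 1
        total += 0.0 if f.exception in ZEROED else f.risk_score
    if count == 0:
        return 0.0  # assumption: nothing left to count is reported as no risk
    return round(total / count, 2)


def sample_space(exception_on_c: Optional[str]) -> list:
    # Findings A and B come from the example; C's score of 55 is constructed.
    return [
        Finding("A (critical CVE)", 95),
        Finding("B (high check failure)", 80),
        Finding("C (medium CVE)", 55, exception_on_c),
    ]


if __name__ == "__main__":
    for exc in (None, "Risk Accepted", "Disable"):
        print(f"C exception = {exc}: {space_risk_score(sample_space(exc))}")
```

With these inputs, Risk Accepted on C lowers the score because C still counts in the denominator, while Disable on C raises it above the no-exception value because the average is then taken over A and B only.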