Cybersecurity trust and transparency

SecurityScorecard is the only supply chain detection and response company that publishes live metrics on response time, refute rate, IP, and domain misattribution rates.

Hear from our co-founder Claim your scorecard

10,399,429,877

Security Issues Discovered Today

12,663,985

Companies Rated

2,238,269

Unique Companies Followed

4,071

Active Users Today

Refutes and accuracy

Any organization — at no cost — can always access and improve their security rating

Refute response time

SecurityScorecard responds to refute requests within 48 hours.

Findings refute rate

SecurityScorecard’s False Positive Rate is under 1%.

Our mission

We make the world a safer place by transforming the way the world measures and manages cybersecurity risk across the entire digital ecosystem.

Read our methodology whitepaper

Data Transparency

We own 99% of our data in-house to deliver unparalleled accuracy and speed. Companies with an F rating are 13.8x more likely to get breached.

Data Sources
Scanning
Signals

IP addresses
Exposed port mappings
Fingerprints of services, products, libraries, operating systems, devices, and other internet-exposed resources, including version numbers
Common Platform Enumeration (CPE) IDs
Common Vulnerability Enumeration (CVE) Version 2 IDs
Script output from Nmap, the open-source scanner that is one of the components of our own scanning framework

Read study

About our data

How we collect data

We have our own attribution and threat intelligence teams, who source almost all of the data we use (99%).

All of the data we use is ethically and lawfully obtained. We only collect data on entities, not on people.

How we scan the internet

How we score our findings

SecurityScorecard developed its breach prediction algorithm by using LLMs to analyze the root cause of 15,000 historical breaches.

Read whitepaper

How we validate our findings

We use multiple mechanisms to check our data quality:

– We monitor corrections from our users, which we aim to keep below thresholds.
– We look for patterns in corrections to deal with any underlying issues.
– We spot check attribution and findings data.

Any company can validate our findings, IP, and domain attributions to ensure their digital footprint is accurate.

Scoring and attribution changes

SecurityScorecard is committed to providing advanced notice of scoring enhancements. Before changes are released, they must go through a Change Committee board and undergo impact assessments.

Release Notes

SecurityScorecard fosters trust and transparency.

Trust and transparency are built into all of our products and services from the moment an organization registers for a free account. SecurityScorecard believes cybersecurity is a collective responsibility, and everyone should have a voice in ensuring the accuracy of security ratings.

We continuously rate more than 12 million entities worldwide by empowering organizations to contribute and verify their security ratings for free.