When a security analysis is performed, the results report the level of technical risk identified in the asset that has been analyzed, whether it is an infrastructure service or a web application.
The calculation of the risk level is based on the CVSS (Common Vulnerability Scoring System) international metric, which allows the numerical risk associated with each vulnerability to be assigned.
The scale for representing risk is from 0 to 10 in the case of infrastructure analyses, where 0 is considered a minimal or non-existent level of risk, and 10 is the maximum level.