SecurityScorecard uses both active and passive collection methods to gather proprietary data, including indicators of compromise such as malware infections and domain- and IP-based vulnerabilities, as well as third-party data such as exposed databases and data leaks.
SecurityScorecard leverages advanced machine learning algorithms and proprietary methods to accurately attribute IP addresses found on the open internet to the company with operational ownership of the associated systems. We recalibrate on a quarterly basis. To ensure attribution accuracy does not degrade over time, we use short time intervals to continuously refresh the data.
For scoring accuracy, we recalibrate quarterly to ensure the average used to score companies is accurate. We continuously ingest current breach data and periodically run regression analyses to ensure scores remain well aligned with the relative likelihood of breach.
To learn more, see The Principles for Fair & Accurate Security Ratings: A Focus on Confidentiality or visit our Trust Portal.