SecurityScorecard use both active and passive collection methods to gather proprietary data which includes indicators of compromise such as malware infections and domain/ IP based vulnerabilities, and third-party data which includes exposed databases and data leaks.
SecurityScorecard leverages the use of advanced machine learning algorithms and other proprietary methods that accurately attribute IP addresses found on the open internet to the company that has operational ownership of the associated systems. We recalibrate on a monthly basis. To ensure that attribution accuracy does not degrade over time, we have short time values so that we are constantly refreshing the data. For scoring accuracy, we recalibrate monthly, ensuring the average that companies are scored against is accurate and we continuously ingest current breach data and periodically run a regression analysis to ensure that scores are still well aligned with relative likelihood of beach.