What is a scoring recalibration?
We regularly recalibrate or adjust our scoring algorithm to ensure scores accurately reflect the cybersecurity landscape. During a recalibration, we may add new issue types, retire existing ones, and adjust breach risk and threat levels based on updated risk signals.
We notify customers in advance of each recalibration and of any potential impact on scores.
When did this recalibration take effect?
This recalibration took effect on May 20, 2026.
How will my score be impacted?
You'll see a banner at the top of the Company Overview page for each Scorecard indicating the projected impact of this recalibration.
- If your score is expected to change, the banner shows the projected increase or decrease.
- If your score is not expected to change, the banner will indicate it remains the same.
In addition to the banner, the Issues table includes a Recalibrated impact column that shows each issue's post-recalibration impact.
If you have any questions about how this recalibration affects your Scorecard, please reach out to our Support team or your Customer Success Manager.
What changed on May 20, 2026?
The following table summarizes the changes to threat levels and breach risk for 4 specific issue types affected by this recalibration.
| Issue Type | Threat level change | Breach risk change | Impact | Reason for change |
|
Malicious TOR Relay/Router Node Detected (malicious_tor_relay_router_node_detected) |
INFO β Low | Low β Low | π Increase | TOR nodes are frequently used to anonymize malicious traffic, making them a more meaningful risk indicator than INFO reflects. |
|
Active CVE Exploitation Attempted (active_cve_exploitation_attempted) |
INFO β Low | Low β Low | π Increase | An IP attempting to exploit a known CVE is a strong indicator of compromise, warranting a classification higher than INFO. |
|
Website References Object Storage (references_object_storage_v2) |
INFO β INFO | High β Medium | πDecrease | Object storage use alone does not indicate an active vulnerability or misconfiguration, so a High breach risk overstated the actual exposure. |
|
Redirect Chain Contains HTTP (redirect_chain_contains_http_v2) |
Medium β Medium | High β Medium | πDecrease | Relative to issues such as critical vulnerabilities, HTTP in a redirect chain exhibits lower breach correlation, making Medium a more accurate placement. |
Details and recommendations
Breach correlation analysis conducted on 15,025 domains β 2,635 of which were confirmed breached over a two-year period (2024 Q3 to 2025 Q4) β informed the impact change for two of the four issue types. The following section provides additional detail and recommendations for each issue type.
Malicious TOR Relay/Router Node Detected
Domains at or above the 75th percentile for this issue type were 2.0x more likely to be breached than those at or below the 25th percentile. Review any findings of this type as actionable items and remediate before May 20, 2026, to avoid a score impact.
Active CVE Exploitation Attempted
Domains at or above the 67th percentile for this issue type were 3.0x more likely to be breached than those at or below the 33rd percentile. If you have findings of this type, investigate the flagged IP and review the associated CVE, port, protocol, and affected product details in the Findings table. Remediate before May 20, 2026, to avoid a score impact.
Website References Object Storage
Review your object storage configuration to ensure resources are not unintentionally exposed or publicly accessible, as misconfigurations in this area remain a common source of data exposure.
Redirect Chain Contains HTTP
Eliminate HTTP from redirect chains and enforce HTTPS end-to-end to close a gap in transport layer security and align with current industry standards.
Retired issue types
The following issue types have been removed from the platform. Because these issues were categorized as INFO level, their removal will not affect your overall score.
| Issue type | Status |
| POTENTIALLY_VULNERABLE_CVE_2023_33246 | π« |
| POTENTIALLY_VULNERABLE_CVE_2023_34362 | π« |
| POTENTIALLY_VULNERABLE_CVE_2023_3519 | π« |
| POTENTIALLY_VULNERABLE_CVE_2023_37582 | π« |
| POTENTIALLY_VULNERABLE_CVE_2023_37979 | π« |
| POTENTIALLY_VULNERABLE_CVE_2023_38035 | π« |
| POTENTIALLY_VULNERABLE_CVE_2023_46747 | π« |
Frequently Asked Questions
Q1. Why do scoring recalibrations happen?
- To ensure scores accurately reflect the dynamic elements of the cybersecurity landscape.
- To normalize scoring between organizations of different sizes, with differing digital footprints.
Q2. Where can I see the projected impact of the recalibration?
- A banner appears at the top of both the Company Overview and Issues pages for each Scorecard, showing what your score will be after the recalibration.
- This projected score is a snapshot in time and may change as issues are detected or remediated, just like your current score.
Q3. How can I improve my score ahead of the recalibration?
- Scores can be improved the same way they do today - by remediating detected issues.
- Only issues present on your scorecard at the time of the recalibration will be considered.
Q4. Why is my score projected to drop even though I have the same number of issues?
- During a recalibration, the breach risk or weight of certain issue types may change. Even if the total number of issues stays the same, changes in how those issues are weighted can impact your score.
Q5. Why are these issue types changing now?
- The score impact, threat level, and breach risk for certain issue types have been updated to better reflect their correlation with breach, based on current data. These correlations change over time as the cybersecurity landscape evolves.
- Score impact also varies by organization. Factors such as company size, digital footprint, and affected assets influence how changes to an issue type affect your overall score.
Q6. Are any new issue types being added as a part of this recalibration?
- No. This recalibration does not introduce any new issue types.
Q7. How will the retired issues impact my score?
- Because these issues are categorized as INFO level, their removal will have no impact on your score. These issue types will simply no longer appear on your Scorecard or in new reports.
Q8. Why are these issues being retired when they represent critical severity CVEs? Can SecurityScorecard still detect these vulnerabilities?
- These issues were added as an immediate way to detect the possibility of these CVEs when they were newly published. Over time, they have been incorporated into standard CVE detection and are now grouped with other vulnerabilities of the same severity.
Q9. Does this recalibration change how issues and findings are scanned or detected?
- No, recalibration does not impact scanning cadence or issue detection.
Q10. Why does the downloaded report show higher-impact issue types that aren't listed as changed?
The issue types listed in the table above are the only ones whose defined impact level changed as part of this recalibration. For these issue types, each occurrence will decrease the score either more (increasing impact) or less (decreasing impact) than before, regardless of digital footprint, organizational size, or the presence of other issues.
However, SecurityScorecard scoring is not based only on fixed impact levels. Your score is also influenced by how your organization compares with similar organizations (your peer cohort), which are grouped by size and digital footprint.
During a recalibration, we:
- Reevaluate peer cohort groupings
- Reassess how common each issue type is within those cohorts
Because scoring is partly based on relative comparisons, an individual issue's score contribution can change even when the inherent impact of that issue type remains unchanged.
For example:
If your organization has grown or reduced its digital footprint since the previous recalibration, you may now be compared against a different peer group.
If the overall distribution of a specific issue type changes within your cohort, its relative scoring may increase or decrease.
If you have more of a specific issue than your peers, it may contribute more strongly to your score.
If you have fewer than your peers, it may contribute less.
Q11. I have more questions - where can I get answers?
- We value your feedback! If you have questions about this recalibration or how it affects your Scorecard, contact Support or your Customer Success Manager.
Resources
For details on how our scoring works, see our Scoring Methodology Whitepaper.
Check out our on-demand webinar: Preparing for the May 20 2026 Scoring Recalibration: An Open Forum