At a high level, a Scorecard is a representation of an apex domain, or top-level domain. In some scenarios, that apex domain may have been registered in a Domain Registry by a technical user or by an administrator of that domain infrastructure. If that user has domain access permissions, it is highly probable that they have security control of that domain and its assets.
When constructing the attribution of digital assets in the Scorecard Digital Footprint, SecurityScorecard performs domain attribution based on datapoints common across domains.
Any related domain that lands on a Scorecard's Digital Footprint may also exist as its own Scorecard. As such, any finding that lands on a related domain also exists on the parent Scorecard that contains the related domain.
Consider the following example:
- Company name = Company Foo, Inc.
- Scorecard identifier = companyfoo.com
- Related domains are attributed to the companyfoo.com Scorecard by matching the WHOIS registrant email@example.com, which appears on several related domains, one of which is companybar.com (Company Bar, Inc.).
- Findings for companybar.com will exist on the Scorecard of companybar.com as well as companyfoo.com.
- If the finding is resolved on either the companyfoo.com or the companybar.com Scorecard, it is removed from both Scorecards.
Based on this example, if the entities Company Foo, Inc. and Company Bar, Inc. are separate entities and are managed distinctly from a security perspective, it is suggested that the domain registrant update the WHOIS record to reflect the distinction.
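To check a domain portfolio for the overlap described above before it causes cross-attribution, the following added example (not SecurityScorecard's code or attribution logic) groups domains by WHOIS registrant email and reports emails shared by different registrant organizations. The WHOIS text is constructed sample data, the "Registrant Email" and "Registrant Organization" labels are an assumed record format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed WHOIS responses (sample data, not real registry output).
SAMPLE_WHOIS = {
    "companyfoo.com": """Domain Name: COMPANYFOO.COM
Registrant Organization: Company Foo, Inc.
Registrant Email: email@example.com
""",
    "companybar.com": """Domain Name: COMPANYBAR.COM
Registrant Organization: Company Bar, Inc.
Registrant Email: Email@Example.com
""",
    "companybaz.com": """Domain Name: COMPANYBAZ.COM
Registrant Organization: Company Baz, Inc.
Registrant Email: REDACTED FOR PRIVACY
""",
}

# Assumed label format; real WHOIS output varies by registry and registrar.
FIELD = re.compile(
    r"^[ \t]*(Registrant (?:Email|Organization)):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def parse_registrant(whois_text):
    """Return (email, organization); email is None if absent or redacted."""
    fields = {k.lower(): v for k, v in FIELD.findall(whois_text)}
    email = fields.get("registrant email", "").lower()  # compare case-insensitively
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", email):
        email = None  # privacy placeholders are not a usable matching datapoint
    return email, fields.get("registrant organization")

def shared_registrants(whois_by_domain):
    """Map each registrant email to the domains (and organizations) sharing it."""
    groups = defaultdict(dict)
    for domain, text in whois_by_domain.items():
        email, org = parse_registrant(text)
        if email:
            groups[email][domain] = org
    return {e: d for e, d in groups.items() if len(d) > 1}

def cross_entity_overlaps(whois_by_domain):
    """Shared emails whose domains list different registrant organizations."""
    return {e: d for e, d in shared_registrants(whois_by_domain).items()
            if len(set(d.values())) > 1}

if __name__ == "__main__":
    for email, domains in cross_entity_overlaps(SAMPLE_WHOIS).items():
        print(f"{email} is shared by distinct entities: {domains}")
```

Each reported email is a candidate for the WHOIS update suggested above when the listed organizations are managed separately.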