In this article:
At a high level, a Scorecard is a representation of an organization's registered domain, which is typically a second-level domain. If the person who registered the domain with a registry service has access permissions to that domain, it is likely that they have security control of that domain and its assets.
When constructing the attribution of digital assets in the Scorecard Digital Footprint, SecurityScorecard performs domain attribution based on datapoints common across domains.
Any related domain that lands on a Scorecard's Digital Footprint, may also exist as its own Scorecard. As such any finding that lands on a related domain, this finding also exists on the parent Scorecard that contains the related domain.
- Company name = Company Foo, Inc.
- Scorecard identifier = companyfoo.com
- Attribution of related domains on the companyfoo.com scorecard is matching with the WHOIS registrant firstname.lastname@example.org for several related domains, one of which is companybar.com (Company Bar, Inc.).
- Findings for companybar.com will exist on the Scorecard of companybar.com as well as companyfoo.com.
- If the finding is resolved on the companyfoo.com OR the companybar.com Scorecard, it is removed from both scorecards.
Based on this example, if the entities Company Foo, Inc. and Company Bar, Inc. are separate entities and are managed distinctly from a security perspective, it is suggested that the domain registrant update the WHOIS record to reflect the distinction.