# Security Score

Your security score provides a simple, easy-to-understand measure of how well your organization is managing its security vulnerabilities. It takes into account the findings from both penetration testing and bug bounty programs to give you a single number that reflects your overall security health.

## How the Score Works

Your security score is displayed as a number from 0 to 100, where a higher score means a stronger security posture. The score is calculated based on several factors:

* **How many findings are open** -- Fewer open findings mean a higher score
* **The severity of open findings** -- Critical and high-severity findings have a bigger impact on your score than low or informational ones
* **How quickly you fix findings** -- Organizations that resolve findings faster tend to have higher scores
* **Retest results** -- Findings that are fixed and verified by the Catchify team contribute positively to your score

## What Your Score Means

| Score Range | Rating            | What It Means                                                                                             |
| ----------- | ----------------- | --------------------------------------------------------------------------------------------------------- |
| 90 -- 100   | Excellent         | Very few open findings, especially critical or high ones. Your team is resolving issues quickly.          |
| 75 -- 89    | Good              | Most findings are being addressed in a timely manner. A few items may need attention.                     |
| 50 -- 74    | Needs Improvement | There are a significant number of unresolved findings. Focus on addressing high and critical items first. |
| Below 50    | At Risk           | Many serious findings remain unresolved. We recommend prioritizing remediation immediately.               |

## How to Improve Your Score

Improving your security score comes down to addressing findings efficiently. Here are the most effective steps:

1. **Prioritize critical and high findings first** -- These have the largest impact on your score. Work with your development team to fix them as soon as possible.
2. **Request retests after fixing issues** -- Once your team has fixed a vulnerability, request a retest through the portal so the Catchify team can verify the fix. Verified fixes boost your score.
3. **Do not ignore informational findings** -- While they have less impact on the score, addressing best-practice recommendations prevents future issues.
4. **Keep your bug bounty program active** -- Continuous testing helps you catch new vulnerabilities early, before they accumulate and lower your score.

{% hint style="info" %}
Your security score updates automatically as findings are opened, resolved, and verified. There is no action needed on your part to trigger a recalculation.
{% endhint %}

## Score History

The security score page also shows how your score has changed over time. This trend line helps you see whether your overall security posture is improving, staying steady, or declining.

## Sharing Your Score

Your security score can be a valuable metric to share with leadership or compliance teams. You can:

* **Download a summary** -- Export a PDF snapshot of your score and its breakdown
* **Include it in reports** -- Your pentest executive summary reports include the security score at the time of the engagement

{% hint style="success" %}
Many Catchify clients include their security score in board presentations and compliance reports as evidence of their ongoing security efforts.
{% endhint %}
