Vulnerability Cost Calculator

Sec. Vulnerability Operational Cost Calculator

Based on your input from the latest 12 months and our assumptions, we provide your cost of handling each security vulnerability from custom software development (not CVEs) through a combination of what you have to spend on labour, tooling and services.

Important: the business impact of vulnerabilities being exploited are not considered. False-negatives (vulnerabilities that exist and you didn't discover) aren't considered either. We consider only the discovered, reported, triaged and handled security vulnerabilities.

Instructions:

Watch our webinar to learn more about Security Vulnerabilities
You may change our pre-filled values (our assumptions) to adjust to your reality.

Total Vulnerabilities (crit/high/medium/low):

Average Hourly Rate of an Engineer (Developer/Sec. Engineer) ($):

Discovery

Total Discovery Costs (e.g., Pentests, Scanners, etc) ($):

Total of Hours spent on Discovery:

Reporting

Average Hours to Document/Explain/Communicate a Vulnerability:

Triage

Average Hours to Triage a Vulnerability:

Quantity of Vulns that are accepted (won't fix)/ignored (%):

Quantity of Vulns that are mitigated (%):

Quantity of Vulns that are transferred/delegated (%):

Transfer/Delegate

Total Extra Transfer Costs ($):

Average Hours to Transfer/Delegate a Fix:

Develop Fix

Average Hours to Develop a Fix:

Test Fix

Average Hours to Test a Fix:

Release

Average Hours to Deploy a Fix: