9.2. Contextual Scoring

FlareInspect uses a CVSS-inspired contextual scoring model that adjusts finding severity based on zone plan, exposure, and data sensitivity.

9.2.1. Formula

Final Score = Base Score × Exploitability × Plan Multiplier × Exposure Multiplier × Sensitivity Multiplier

Scores are capped at 10.0.

9.2.2. Base Scores

| Severity | Base Score |
|---|---|
| Critical | 9.0 |
| High | 7.5 |
| Medium | 5.0 |
| Low | 3.0 |
| Informational | 1.0 |

9.2.3. Plan Multipliers

| Plan | Multiplier | Rationale |
|---|---|---|
| Free | 1.3 | Missing features are riskier on free plans |
| Pro | 1.1 | |
| Business | 1.0 | Baseline |
| Enterprise | 0.9 | More built-in protections |
| Enterprise Plus | 0.85 | Most comprehensive protection |

9.2.4. Exposure Multipliers

| Exposure | Multiplier |
|---|---|
| Public | 1.3 |
| Internal | 0.8 |
| Staging | 0.6 |
| Development | 0.5 |

Exposure is inferred from the zone name and finding service:

  • Account/Zero Trust findings → internal

  • Zones containing staging, dev, test → staging

  • DNS/SSL/WAF findings → public

  • Everything else → public

9.2.5. Sensitivity Multipliers

| Sensitivity | Multiplier | Use Case |
|---|---|---|
| Critical | 1.5 | PII, financial data, healthcare |
| High | 1.3 | Business-sensitive data |
| Medium | 1.0 | Standard business data |
| Low | 0.8 | Public information |

Set with --sensitivity:

flareinspect assess --token $TOKEN --sensitivity critical

9.2.6. Exploitability Factors

| Factor | Multiplier |
|---|---|
| Exposed credentials | 1.5 |
| Origin IP exposed | 1.4 |
| Missing WAF | 1.3 |
| Weak SSL | 1.3 |
| No MFA | 1.2 |
| Missing headers | 1.1 |
| No DNSSEC | 1.1 |
| Default | 1.0 |

9.2.7. Usage

flareinspect assess --token $TOKEN --sensitivity high

The contextual scores are added to each finding under contextualScore and summarized in contextualSummary.
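
The formula from 9.2.1 and the exposure rules from 9.2.4, worked through as an added example (this is not FlareInspect's own code). The function names, the service labels, the rule precedence, the substring match on zone names and the two-decimal rounding are assumptions; only the multiplier values come from this page.

```javascript
// Added example, not FlareInspect source. Multiplier tables are copied from this page.
const BASE = { critical: 9.0, high: 7.5, medium: 5.0, low: 3.0, informational: 1.0 };
const PLAN = { free: 1.3, pro: 1.1, business: 1.0, enterprise: 0.9, "enterprise plus": 0.85 };
const EXPOSURE = { public: 1.3, internal: 0.8, staging: 0.6, development: 0.5 };
const SENSITIVITY = { critical: 1.5, high: 1.3, medium: 1.0, low: 0.8 };
const EXPLOITABILITY = {
  "exposed credentials": 1.5, "origin ip exposed": 1.4, "missing waf": 1.3,
  "weak ssl": 1.3, "no mfa": 1.2, "missing headers": 1.1, "no dnssec": 1.1, default: 1.0,
};

// Rules applied in the order the page lists them; that precedence, the service
// labels and the plain substring match on the zone name are assumptions.
function inferExposure(zone, service) {
  const svc = service.toLowerCase();
  if (svc === "account" || svc === "zero trust") return "internal";
  const name = zone.toLowerCase();
  if (["staging", "dev", "test"].some((marker) => name.includes(marker))) return "staging";
  return "public"; // DNS/SSL/WAF findings and everything else
}

// Reject unknown keys instead of silently scoring them as 1.0.
function lookup(table, key, label) {
  const k = String(key).toLowerCase();
  if (!Object.prototype.hasOwnProperty.call(table, k)) {
    throw new RangeError(`unknown ${label}: ${key}`);
  }
  return table[k];
}

const round2 = (x) => Math.round(x * 100) / 100; // rounding is an assumption

function contextualScore({ severity, factor = "default", plan, zone, service, sensitivity }) {
  const exposure = inferExposure(zone, service);
  const raw = lookup(BASE, severity, "severity") * lookup(EXPLOITABILITY, factor, "factor") *
    lookup(PLAN, plan, "plan") * EXPOSURE[exposure] * lookup(SENSITIVITY, sensitivity, "sensitivity");
  // Keep the uncapped product too: the 10.0 cap hides how far a finding overshoots.
  return { exposure, raw: round2(raw), score: round2(Math.min(raw, 10.0)) };
}

// Constructed sample finding, scored against three constructed zone names.
const finding = { severity: "medium", factor: "missing headers", plan: "business",
  service: "dns", sensitivity: "medium" };
for (const zone of ["shop.example.com", "staging.example.com", "devops.example.com"]) {
  console.log(zone, contextualScore({ ...finding, zone }));
}
```

Under these assumptions devops.example.com scores 3.3 instead of 7.15 only because its name contains dev, so zone names that match the markers deserve a manual check before the adjusted score is used for triage.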