Dradis ships with a built-in CVSSv4 calculator (which also supports CVSSv3.1 and CVSSv3).
Use it to quickly assign the different metrics and calculate the risk vector, and have fine-grained control of what values you want to show in your pentest report.
Best of all, it's open-source: dradis/dradis-calculator_cvss
If you favor Microsoft's Damage, Reproducibility, Exploitability, Affected Users, and Discoverability (DREAD) risk assessment model, we have you covered: Dradis ships with a built-in DREAD calculator.
You have full control over what components and scores to include in your security report.
We released it as open-source: dradis/dradis-calculator_dread
We know that neither CVSS or DREAD are perfect. Some times you need your own risk assessment model.
Whether it's a combination of an Impact score and a Probability one, or a formula-based calculation, you can create a custom risk scoring system and load it in your Dradis instance.
And since Dradis is open-source, you can extend our platform to fit your needs.
Whether it's because you're whitelabelling your pentest deliverables for a partner, or because you have a customer that has a preferred risk assessment model, we have your back.
In Dradis you can have multiple risk calculators loaded in the platform and choose which one you want to use for each project.
Your email is kept private. We don't do the spam thing.
