What is the Nipper Rating System?

There are 4 types of Nipper Ratings:

• Impact Rating: Present the impact of the finding. The ratings are Critical, High, Medium, Low, and Informational.

• Ease Rating: How easy it would be for an attacker to exploit. The ratings are Trivial, Easy, Moderate, Challenging.

• Fix Rating: A guide to the effort required to resolve the finding. The ratings are Involved, Planned and Quick.

• Overall Rating or Overall Risk: The Impact and Ease ratings are combined to determine the overall Nipper risk rating, using an internally defined table which generates a score. This score is then finally converted to the risk categorization, as follows:

  • 1, 2 - Informational

  • 3, 4 - Low

  • 5, 6 - Medium

  • 7, 8 - High

  • 9, 10 - Critical.