Trust Debt™ quantifies it. We track CVE history, exploit activity, breach records, and trajectory trends — then distill it into a single grade you can actually act on.
A single score built from the averageseverity of a vendor's recent CVEs — weighted by recency, remediation, real-world exploitation, breach history, and trend, then scaled gently by volume. Size-normalised on purpose, so a large, transparent vendor isn't punished for disclosing. Updated nightly from four public data sources.
No proprietary threat feeds. Every score is computable from public, authoritative data — updated nightly via Cloudflare Workers.
National Vulnerability Database — every published CVE with severity scores, descriptions, and CWE classifications.
Known Exploited Vulnerabilities — CVEs confirmed as actively exploited in the wild, maintained by the US Cybersecurity agency.
Exploit Prediction Scoring System — daily probability scores for every CVE being exploited in the next 30 days.
Have I Been Pwned dataset — matched to vendors by domain and keyword to surface breach history and affected record counts.
Trust Debt™ is a directional signal from public data, not a verdict. The honest limits:
Search any vendor. Compare alternatives. Spot the weakness patterns lurking across your supply chain.