Currently, SimpleRisk supports six different risk scoring methods. We have Classic Risk, which is the likelihood times impact calculation you probably learned studying for your CISSP. We also support weighted likelihood and impact with that methodology. We support CVSS 2.0, which is the Common Vulnerability Scoring System typically used when calculating the risk score associated with CVE vulnerabilities. We support DREAD, which is the old school Microsoft risk rating methodology. We support the OWASP Risk Rating Methodology, which was designed for assessing application security risks.