LAUNCH WEEK 2025 | DECEMBER 5, 2025

Nucleus Custom Risk Score

Take Full Control of Your Vulnerability Prioritization

Rob Gibson

Custom Risk Score

If you’ve ever had to justify why one vulnerability got patched while another didn’t, to an auditor, a CISO, or worse, a board member post-incident, you know how critical it is to have an accurate scoring model that reflects how your organization defines risk. 

You also know this: Many off-the-shelf scoring systems like those provided by vulnerability scanners aren’t good enough. They might be opaque or generic, or they might rely on contextual data that is challenging to integrate. In addition, they often don’t reflect how your organization defines risk. 

That’s why we built Custom Risk Score in Nucleus. 

Nucleus Custom Risk Score will roll out to customer environments through the end of the year. With it, you’ll be able to define, calculate, and operationalize your own vulnerability risk scores using the full context of your environment and threat intelligence.

Why This Matters

For years, security teams have been forced to choose the lesser of two evils: an inadequate third-party generic prioritization model or a costly bespoke one, often managed outside of their VM platform. The bespoke option is typically built on spreadsheets, scripts, or custom tools that are costly to maintain, that introduce inaccuracies, and that may break at scale.

One major challenge is the organizational complexity of change management: Any time a security team wants to integrate a new risk score, it’s an exercise in convincing others in their organization of the validity of whatever model they choose, and requests from various stakeholders can be challenging to accommodate.  

We’ve seen customers try to work around these challenges. Some modify weights in our default risk model. Others use tags and filters to simulate prioritization logic. Ultimately, these are all band-aids. 

What security teams really want is simple: “Let us define risk our way. Let us make it easy to show and justify the calculation. And let us easily operationalize the score across everything.” 

So that’s what we built. 

What Custom Risk Score Enables 

With the Nucleus Custom Risk Score, you can build your own risk scoring logic, directly inside Nucleus, and use it throughout the platform. 

You can: 

  • Define how scores are calculated using rules-based logic.
  • Set your own scoring ranges and severity levels.
  • Create dynamic “adjusters” based on asset value, threat intel, exploitability, KEV status, business unit, or any field in the Nucleus data model.
  • Define the interaction between vulnerability risk (how risky is a specific finding?) and asset and project risk (how risky is an asset or project with thousands of vulnerabilities, each with varying levels of risk?).
  • Apply your custom score to all automation, dashboards, SLAs, and reporting.
  • Instantly update scoring logic that is reflected across millions of findings in real time. 

Every score is transparent. You can always trace back exactly how it was calculated and defend it. 
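To make the ideas in the list above concrete, here is a small, hypothetical rules-based scorer written for this post; it is not Nucleus code and says nothing about how the product implements its engine. The adjuster names, multipliers, 0-100 range, severity bands, and the asset roll-up formula are all assumptions chosen for illustration, and the sample finding fields stand in for data a VM platform would pull from scanners, a CMDB, and threat intel.

```python
from dataclasses import dataclass

# Constructed sample record shape; field names are assumptions, not a real schema.
@dataclass
class Finding:
    vuln_id: str
    cvss: float          # scanner base score, 0-10
    asset: str
    business_unit: str
    asset_value: int     # 1 (low) .. 5 (crown jewel), e.g. from a CMDB tag
    in_kev: bool         # listed in CISA KEV
    internet_facing: bool

# Severity bands over a 0-100 custom range (hypothetical thresholds).
SEVERITY_BANDS = [(90, "Critical"), (70, "High"), (40, "Medium"), (0, "Low")]

# Adjusters: (name, predicate, multiplier). Rules-based so each step can be shown.
ADJUSTERS = [
    ("kev_listed",      lambda f: f.in_kev,                      1.5),
    ("internet_facing", lambda f: f.internet_facing,             1.3),
    ("crown_jewel",     lambda f: f.asset_value >= 5,            1.4),
    ("low_value_asset", lambda f: f.asset_value <= 1,            0.6),
    ("finance_bu",      lambda f: f.business_unit == "Finance",  1.2),
]

def score_finding(f: Finding):
    """Return (score, trace): the 0-100 custom score and every step that produced it."""
    score = f.cvss * 10.0                    # scale CVSS 0-10 onto the 0-100 range
    trace = [f"base cvss*10 = {score:.1f}"]
    for name, applies, mult in ADJUSTERS:
        if applies(f):
            score *= mult
            trace.append(f"{name} x{mult} -> {score:.1f}")
    score = max(0.0, min(100.0, score))      # clamp to the configured range
    trace.append(f"clamped = {score:.1f}")
    return round(score, 1), trace

def severity(score: float) -> str:
    """Map a score onto the configured severity levels."""
    return next(label for floor, label in SEVERITY_BANDS if score >= floor)

def asset_risk(scores):
    """Asset-level roll-up: the worst finding dominates and the rest add a
    geometrically diminishing tail, so a thousand Lows never outrank one Critical."""
    ordered = sorted(scores, reverse=True)
    if not ordered:
        return 0.0
    tail = sum(s * (0.5 ** i) for i, s in enumerate(ordered[1:], start=1))
    return round(min(100.0, ordered[0] + 0.1 * tail), 1)
```

The trace list is the part that answers the auditor's question: it records exactly which adjusters fired and what each did to the number.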

This gives teams what they’ve been missing: A way to standardize how risk is measured, while still aligning with business reality. 

Built for the Real World 

We designed this for complex enterprise environments with multiple scanners, fragmented asset data, regulatory requirements, and internal politics around what counts as “critical.” 

Some of our early adopters are already using the Nucleus Custom Risk Score to: 

  • Integrate business risk tags from CMDBs into their scoring logic.
  • Gather threat intel data from Nucleus and a variety of sources into their risk calculations.
  • Assign dynamic logic according to business unit or asset class. 

All of this is built on the same engine that powers the Nucleus platform, integrating configuration and calculation to ensure adaptability and scalability. 

What to Expect 

Nucleus Custom Risk Score will roll out to all customers on the Advantage Package who are using the new UI. 

Included immediately: 

  • Custom risk configuration and calculation engine
  • Automation integration
  • Dashboarding and reporting with your custom score 

Coming soon: More calculation modes for asset and project risk, additional score pre-deployment testing features, and suggested templates to make enacting a new risk scoring regime easier. 

Why This Changes the Game 

Vulnerability management has always struggled with the same question: “How do we know we’re fixing the right things?” 

The answer isn’t more scanning. It’s better prioritization. But that only works if you can define what “risk” means for your environment, and bake that into every workflow, report, and decision. 

That’s what Nucleus Custom Risk Score delivers. 

This new capability is only possible because Nucleus already brings together all the right context: vulnerabilities, assets, threat intel, business data, ownership, and more. Now, you decide how that gets calculated into action. 

This is what real risk-based vulnerability management looks like: Defined by you, powered by Nucleus. 

Rob Gibson
Rob is the VP of Product for Nucleus, responsible for implementing the company's product strategy and managing the teams involved in developing our innovative vulnerability and exposure management platform.