Risk Scoring
Cerebion Rivet produces a unified 0–100 Quantum Risk Score for every scan.
Score Components
| Component | Weight | Description |
|---|---|---|
| Algorithm Scoring | 40% | RSA/ECC/DH vulnerability severity |
| Timeline Assessment | 25% | When quantum computers will break this algorithm |
| Business Impact | 20% | Criticality and compliance requirements |
| PQC Readiness | 15% | Post-quantum migration status |
Score Ranges
| Score | Level | Recommended Action |
|---|---|---|
| 0–19 | Minimal | Quantum-resistant or no vulnerable algorithms detected |
| 20–39 | Low | Monitor: long-term threat (10+ years) |
| 40–59 | Medium | Plan migration: medium-term threat (5–10 years) |
| 60–79 | High | Prioritize migration: near-term threat (2–5 years) |
| 80–100 | Critical | Immediate action required: algorithm is quantum-broken |
Algorithm Risk Reference
| Algorithm | Base Risk Score | Notes |
|---|---|---|
| RSA-1024 | 95 | Broken by classical computers today |
| RSA-2048 | 85 | Broken by quantum computers |
| RSA-4096 | 78 | Broken by quantum computers |
| ECC P-256 | 85 | Broken by Shor's algorithm |
| ECC P-384 | 80 | Broken by Shor's algorithm |
| DH-2048 | 80 | Broken by quantum computers |
| AES-128 | 30 | Weakened but not broken by Grover's algorithm |
| AES-256 | 10 | Quantum-safe with current estimates |
| ML-KEM | 5 | NIST PQC standard; quantum-safe |
| ML-DSA | 5 | NIST PQC standard; quantum-safe |