Your Security Score is a single number between 0 and 100 that represents the overall security health of your app right now. It works like a credit score — it goes up when you fix issues and enable protections, and it drops when new threats appear or vulnerabilities go unaddressed. You’ll find it at the top of the Overview page, and it’s the first thing displayed on your public Security Certificate.
Score bands
| Score | Color | Status | What it means |
|---|---|---|---|
| 90–100 | Green | Excellent | Enterprise-ready. Safe to share your verify link in pitch decks and sales emails. |
| 75–89 | Blue | Good | Minor open issues. Nothing critical is blocking you. |
| 60–74 | Yellow | Fair | Some open findings or compliance gaps need attention. |
| 40–59 | Orange | Poor | Active risks present. Prioritize fixing critical and high findings. |
| 0–39 | Red | Critical | Active threats or critical vulnerabilities detected. Immediate action required. |
How the score is calculated
LintLiot starts at 100 and applies deductions and bonuses based on your app’s current state.
Deductions
| Factor | Impact |
|---|---|
| Each open critical finding | −15 |
| Each open high finding | −7 |
| Each open medium finding | −3 |
| Each open low finding | −1 |
| Each active threat in the last 24 hours | −5 |
| Each failed critical compliance control | −10 |
| Learning mode active (enforcement not yet enabled) | −10 |
| No MFA detected on your account | −8 |
Bonuses
| Factor | Impact |
|---|---|
| All compliance frameworks passing | +5 |
| Encryption coverage on sensitive fields | up to +10 |
“Active threats” means security events with CRITICAL or HIGH severity detected in the last 24 hours, not the total historical count. Threats that LintLiot blocked still count toward this deduction until the 24-hour window passes, because they signal that your app is currently under active pressure.
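To make the arithmetic concrete, here is an added example in Python (not LintLiot’s own code) that reconstructs the score from the two tables and reports which factor is costing the most, so you can predict the effect of a fix before you make it. The weights are the ones in the tables; everything else is an assumption: the data model, the clamp to the 0–100 range, linear scaling of the “up to +10” encryption bonus, and the rule that a framework passes when all of its controls pass. The sample state at the bottom is constructed, not real scan data.

```python
"""Reconstruct the Security Score from the deduction and bonus tables.

Added example, not LintLiot code. Weights come from the tables; the data
model, the 0-100 clamp and the bonus scaling are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Deductions table
FINDING_DEDUCTIONS = {"critical": 15, "high": 7, "medium": 3, "low": 1}
ACTIVE_THREAT_DEDUCTION = 5
FAILED_CRITICAL_CONTROL_DEDUCTION = 10
LEARNING_MODE_DEDUCTION = 10
NO_MFA_DEDUCTION = 8
# Bonuses table
ALL_FRAMEWORKS_BONUS = 5
MAX_ENCRYPTION_BONUS = 10
THREAT_WINDOW = timedelta(hours=24)


@dataclass
class Finding:
    severity: str           # "critical" | "high" | "medium" | "low"
    open: bool = True       # resolved or suppressed findings are not open


@dataclass
class SecurityEvent:
    severity: str           # e.g. "CRITICAL", "HIGH", "MEDIUM"
    detected_at: datetime
    blocked: bool = False   # blocked events still count inside the window


@dataclass
class ComplianceControl:
    framework: str
    critical: bool
    passing: bool


@dataclass
class AppState:
    findings: list = field(default_factory=list)
    events: list = field(default_factory=list)
    controls: list = field(default_factory=list)
    learning_mode: bool = False
    mfa_enabled: bool = True
    encryption_coverage: float = 0.0  # assumed: fraction of sensitive fields encrypted


def active_threats(events, now):
    """CRITICAL/HIGH events inside the trailing 24 hours, blocked or not."""
    cutoff = now - THREAT_WINDOW
    return [e for e in events
            if e.severity.upper() in ("CRITICAL", "HIGH") and e.detected_at > cutoff]


def score_breakdown(state, now):
    """Per-factor points: negative for deductions, positive for bonuses."""
    parts = {}
    for sev, pts in FINDING_DEDUCTIONS.items():
        n = sum(1 for f in state.findings if f.open and f.severity.lower() == sev)
        if n:
            parts[f"open_{sev}_findings"] = -pts * n
    if (n := len(active_threats(state.events, now))):
        parts["active_threats_24h"] = -ACTIVE_THREAT_DEDUCTION * n
    if (n := sum(1 for c in state.controls if c.critical and not c.passing)):
        parts["failed_critical_controls"] = -FAILED_CRITICAL_CONTROL_DEDUCTION * n
    if state.learning_mode:
        parts["learning_mode"] = -LEARNING_MODE_DEDUCTION
    if not state.mfa_enabled:
        parts["no_mfa"] = -NO_MFA_DEDUCTION
    # Assumption: a framework passes when every one of its controls passes.
    if state.controls and all(c.passing for c in state.controls):
        parts["all_frameworks_passing"] = ALL_FRAMEWORKS_BONUS
    # Assumption: "up to +10" scales linearly with coverage, to whole points.
    enc = round(MAX_ENCRYPTION_BONUS * min(1.0, max(0.0, state.encryption_coverage)))
    if enc:
        parts["encryption_coverage"] = enc
    return parts


def compute_score(state, now):
    raw = 100 + sum(score_breakdown(state, now).values())
    return max(0, min(100, raw))  # assumption: clamped to the 0-100 range


def band(score):
    for floor, name in ((90, "Excellent"), (75, "Good"), (60, "Fair"), (40, "Poor")):
        if score >= floor:
            return name
    return "Critical"


def remediation_plan(state, now):
    """Deductions ordered by points recoverable, largest first."""
    parts = score_breakdown(state, now)
    return sorted(((k, -v) for k, v in parts.items() if v < 0), key=lambda kv: -kv[1])


# Constructed sample state (not real data).
NOW = datetime(2025, 1, 15, 12, 0, tzinfo=timezone.utc)
A_DAY_LATER = NOW + THREAT_WINDOW
SAMPLE = AppState(
    findings=[Finding("critical"), Finding("high", open=False),
              Finding("medium"), Finding("medium")],
    events=[SecurityEvent("HIGH", NOW - timedelta(hours=3), blocked=True),  # counts
            SecurityEvent("HIGH", NOW - timedelta(hours=30)),              # rolled off
            SecurityEvent("MEDIUM", NOW - timedelta(hours=1))],            # below HIGH
    controls=[ComplianceControl("SOC 2", critical=True, passing=False),
              ComplianceControl("SOC 2", critical=False, passing=True)],
    learning_mode=True, mfa_enabled=False, encryption_coverage=0.5,
)

if __name__ == "__main__":
    s = compute_score(SAMPLE, NOW)
    print(s, band(s))                        # 51 Poor
    print(remediation_plan(SAMPLE, NOW))     # critical finding first
    print(compute_score(SAMPLE, A_DAY_LATER))  # 56 once the threat rolls off
```

The sample lands at 51 (Poor): 100 − 15 − 6 − 5 − 10 − 10 − 8 + 5. Run it again 24 hours later and the blocked brute-force event has left the window, lifting the score to 56 with no action on your part. The ordered plan puts the single critical finding first because it is worth more than any other line item.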
When the score updates
The score recalculates in real time — you don’t need to trigger it manually. It updates immediately when any of the following happen:
- A new scan finding is created or marked as resolved
- A compliance control status changes
- A critical security event is detected
- You enable or disable learning mode
- Emergency lockdown is activated or lifted
What causes the biggest drops
Open critical findings (−15 each)
Critical findings from the code scanner — SQL injection, hardcoded secrets, unsafe deserialization — have the highest per-item weight. A single unresolved critical finding drops your score by 15 points. Resolving or suppressing findings on the Scanner page removes the deduction immediately. Suppression removes the deduction, not the underlying weakness, so reserve it for confirmed false positives if you want the score to stay an honest signal.
Failed critical compliance controls (−10 each)
Each compliance framework has a subset of controls marked critical (for example, MFA enforcement under SOC 2 CC6.3, or encryption at rest under PCI-DSS 3.5). If LintLiot’s compliance engine marks one of these as failing, it deducts 10 points per control. The Compliance page shows exactly which controls are failing and what evidence would bring them back to passing.
Learning mode active (−10)
The −10 penalty reflects that your app is running on generic protection thresholds, not the personalized baselines LintLiot built for your specific traffic. It disappears the moment you press Enable Protection on Day 8. See the Dashboard Overview for more on the learning phase.
No MFA detected (−8)
LintLiot checks whether multi-factor authentication is active on your LintLiot account. If it isn’t, the score applies a −8 penalty. Enable MFA under Settings → Account security to remove it.
Active threats in the last 24 hours (−5 each)
Brute-force attempts, impossible-travel events, credential-stuffing detections, and other high-severity events each deduct 5 points while they’re within the 24-hour window, whether or not LintLiot blocked them. These deductions roll off automatically as time passes — you don’t need to do anything unless the attack is ongoing.
How to improve your score
Resolve open scanner findings
Go to Scanner and sort by severity. Start with CRITICAL findings — each one you resolve recovers 15 points. Use the Auto-Fix option where available, or follow the inline remediation guidance.
Enable enforcement mode
If you’re past Day 7 and haven’t enabled enforcement yet, go to Overview and click Enable Protection. This removes the −10 learning mode penalty immediately and activates baseline-relative threat blocking.
Enable MFA on your account
Go to Settings → Account security and enable multi-factor authentication. This removes the −8 MFA penalty.
Fix failing compliance controls
Go to Compliance, select a framework, and review the failed controls. Each critical control you bring to passing status recovers 10 points. LintLiot maps most controls to specific actions you can take directly in the dashboard.
Sharing your score
Once your score reaches the Excellent band (90–100), it’s worth making public. Your Security Certificate page at lintliot.com/verify/[your-app-slug] displays your live score, last scan date, active protections, and compliance framework status — with no login required to view it. Because the page is public, anyone with the link can also see which protections are active and when the score dips, so treat sharing it as a deliberate decision rather than a default.
