What is the Risk Rating?
The ThreatLocker Risk Rating indicates how likely an application is to pose a security risk to your organization. The rating is based on several factors, including the software's reputation, known security issues, historical CVEs (Common Vulnerabilities and Exposures), the frequency and severity of past vulnerabilities, how quickly the vendor addresses security concerns, and the availability and consistency of information about the product and its developer. Applications with higher risk ratings may require additional review before being approved for use.
Factors That Influence Risk Rating
The ThreatLocker Risk Rating is based on several factors that help determine the potential security risk of an application:
- Country of Origin – Where the software was created and where the company is based.
- Development Team Location – The regions or countries where the software is primarily developed and maintained.
- Company Leadership and Ownership – The location and influence of key decision-makers, owners, and executives within the organization.
- Security History – Whether the application or company has a history of security vulnerabilities, how severe those issues were, and how effectively they were addressed.
- Vendor Reputation and Transparency – The company's track record, public reputation, and willingness to communicate openly about security incidents, vulnerabilities, and product information.
- Known Security Issues – Current or past vulnerabilities affecting the product, including whether security updates are provided promptly.
What is the Business/Combined Rating?
Business Rating
The ThreatLocker Business Rating reflects how valuable or important an application is for business operations. It helps identify whether an application is essential to productivity, collaboration, communication, or other business functions.
A higher Business Rating indicates that the application is likely to play an important role in the organization, while a lower Business Rating suggests it may be less critical or have readily available alternatives.

Combined Rating
The ThreatLocker Combined Rating provides an overall view by balancing an application's security risk against its business value.
The Combined Rating is calculated using both the Risk Rating and Business Rating:
- If the Risk Rating is higher than the Business Rating, the Risk Rating becomes the Combined Rating.
- Otherwise, the Combined Rating is calculated using a weighted formula:
- Risk Rating: 80%
- Business Rating: 20%
This approach ensures that security risk remains the primary consideration while still accounting for the application's business importance.

Help Center