Gamifying Security with Red Team Scores

This article describes a method for creating security scores that compare different teams or services based on their security issues, helping organizations identify which areas need the most attention. The scoring system uses a multiplier (a scaling factor that makes severe issues count for much more than minor ones) to weight critical bugs more heavily than lower-severity ones, then sums these weighted values into a single score that can be displayed on a dashboard. By showing these scores to management, teams can have discussions about why some services have worse scores than others, which encourages improvements in security practices.