Following reproduced verbatim from Mudge and Sarah Zatko's Def Con 24 presentation.
| Value | Static Analysis Feature |
|---|---|
| -5 | No 64 bit version of application available |
| -20 | Each missing application armoring feature. This includes ASLR, DEP, Heap Protection, and Stack Guards. |
| -5 | Source code is not fortified at all. |
| +5 | Source code is entirely fortified. If source was a mix of fortified and unfortified functions, then source did not change at all. |
| -25 | Ick functions are present in the code. |
| -15 | Bad functions are present in the code. If there are only randomness functions in this category, such as rand or srand, then the penalty is 7.5 instead. |
| -5 | Risky functions are present. If there are only randomness functions for this category, the penalty is 2.5 instead. |
| +10 | Good functions are present. 10 points are added, not subtracted, in this case. If the only good functions are randomness functions, sucn as arc4random, then 5 points is added instead. |