Sample VERA Assessment
Explore a representative VERA assessment and see how externally verified findings are translated into actionable vendor risk intelligence. Organization details have been anonymized, but the scoring methodology, evidence citations, and report structure reflect actual assessment output.
Acme Co.
redacted-vendor.example
High Risk: 1 critical, 2 high
Profile based on 8 domains with 43 total findings.
Alert Domains: 1/8
Total Findings: 43
High+Critical: 3
Composite: 67/100
Domain Risk Profile
This chart compares relative risk across all scoring domains. Larger outward shape indicates stronger security posture in that area.
Risk Summary
Generated [Anonymized date/time]
Acme Co. is assessed with an overall score of 67/100 and classified as High Risk, with high vendor criticality. The Compliance domain score is notably low at 48/100, indicating significant exposure in regulatory and governance areas. Evidence shows the absence of a privacy policy, and no trust center or responsible-disclosure program is publicly discoverable.
Critical and High Findings
The live result lists findings by domain and severity. This sample uses expandable blocks to show representative drill-down detail without requiring JavaScript.
Critical F-001: No DMARC record is published for primary domain (DNS and Email) E-001
Without DMARC enforcement, spoofed email can pass recipient checks and increase phishing exposure for customer and partner inboxes.
Status: Unresolved | Affected Scope: Primary domain mail flow | Source: DNS TXT inspection (May 2026)
High F-002: SPF record missing for sending domain (DNS and Email) E-002
SPF absence prevents receiving systems from validating authorised outbound infrastructure, weakening impersonation controls.
Status: Unresolved | Affected Scope: Root and transactional sender domains | Source: DNS SPF query
High F-003: DKIM selectors not discoverable for assessed namespace (DNS and Email) E-003
Missing DKIM selectors reduce message integrity verification and increase downstream deliverability and trust concerns.
Status: Unresolved | Affected Scope: 12 tested selector conventions | Source: Selector probe set
Elevated F-004: No public privacy policy detected in compliance surface (Compliance and Governance) E-004
For a high-criticality vendor, missing privacy disclosures create legal and procurement friction, especially for regulated buyers.
Status: Requires vendor confirmation | Source: Public website policy crawl
Elevated F-005: Trust center and security governance pages not publicly discoverable (Security Maturity) E-005
Absence of baseline trust artifacts reduces transparency for third-party assurance and may extend procurement review cycles.
Status: Open | Source: Public site and indexed page discovery
Evidence References
| ID | Source | Type | Confidence | Retrieved | Related Findings |
|---|---|---|---|---|---|
| E-001 | DMARC TXT lookup | DNS | High | [Anonymized] | F-001 |
| E-002 | SPF TXT lookup | DNS | High | [Anonymized] | F-002 |
| E-003 | DKIM selector probe (12) | DNS | Medium | [Anonymized] | F-003 |
| E-004 | Policy and legal page crawl | OSINT | Medium | [Anonymized] | F-004 |
| E-005 | Trust artifact discovery set | OSINT | Medium | [Anonymized] | F-005 |
Score Computation
| Area | Score | Weight | Contribution |
|---|---|---|---|
| Attack Surface | 81 | 18% | 14.58 |
| Breach and Dark Web | 100 | 15% | 15.00 |
| Code and OSINT Leaks | 100 | 8% | 8.00 |
| Compliance and Governance | 48 | 10% | 4.80 |
| DNS and Email | 36 | 12% | 4.32 |
| Financial and Reputation | 69 | 12% | 8.28 |
| Security Maturity | 29 | 10% | 2.90 |
| Vulnerability Exposure | 100 | 15% | 15.00 |
| Weighted Average | 72.9 | Criticality adj. | 67 / 100 (High Risk) |
Disclaimer: This sample is illustrative and based on publicly observable signals, third-party intelligence, and automated analysis. It does not replace legal, technical, or contractual due diligence.
