A risk can be defined as a product of likelihood and impact of an event. Risk can be scored via utilizing various inputs to quantify a risk associated with a particular aspect of a product (e.g., a security risk associated with exploitation of a security vulnerability). Scoring risk can be useful in an information technology (IT) environment. For example, scoring risk associated with exploitation of a security vulnerability can contribute to accurately managing and assessing security risks of a software application.