For a typical enterprise with 3 critical web apps (monthly → 80), 200 internal hosts (quarterly → 60), 50 non-critical (annually → 20). Weighted average ≈ 67 . 2.3 Depth (D) – Weight 25% The sophistication level of testing. Inspired by PTES (Penetration Testing Execution Standard).
Formula: F = (Sum over all assets of [multiplier × asset_criticality_weight]) / Total criticality weight indexof ethical hacking
D = Average depth score across all tested asset categories A unique addition: ethical hacking is useless without fixing findings. For a typical enterprise with 3 critical web