Field Notes · 2 min read

What the trust score actually measures

A single number per device is only useful if you can see what's underneath it. A field note on how infrastructure trust is scored — and why it will tell you when it doesn't know.

By Joe Augustine

A trust score is a single number between zero and one, attached to a single device. That is the part everyone sees. The part that matters is what sits underneath it — because a number you can't decompose is a number you can't defend.

This is a field note on what the score is made of.

Five domains, not one opinion

The score is not a vibe. It is composed across distinct domains, each measuring something different about whether a system is fit to be relied on:

  • Lifecycle health — is the software supported, or has it crossed into end-of-life? This scores supportability, not age: a deliberately maintained older system can be healthier than a newer one that has been abandoned.
  • Operational risk — exposed surface, known vulnerabilities, missing controls like encryption or a host firewall.
  • Availability — is the system actually reachable and behaving, or degrading?
  • Modernization — where observable, how far the system has drifted from a defensible baseline.
  • Energy and efficiency — where there is enough signal to say anything meaningful about it.

Each domain contributes to the composite. None of them is the whole story alone, which is exactly why no single one is allowed to be.

The score decomposes — always

The number is never the end of the conversation. Every score breaks back down into the factors that produced it, so you can see precisely which signal moved the needle: an operating system three months past end-of-life, missing disk encryption, a management port exposed to the internet, a known and exploited CVE sitting on hardware you'd stopped thinking about.

"This host scored low" is not an answer anyone can act on. "This host scored low because it is running an unsupported OS and exposing a management port" is. The second one tells you what to fix and lets you argue with the verdict if you think it's wrong. A score you can't interrogate is a score you have to take on faith — and faith is the thing this whole discipline exists to replace.

And it will tell you when it doesn't know

The most important property of the score is the one most scoring systems quietly skip: it is honest about the limits of its own knowledge.

When the available signal is too thin to reach a conclusion, the device does not get a flattering default. It reads Unknown. Not trusted, not untrusted — not enough seen yet. Raising coverage (installing the sensor, or adding agentless credentials) is what turns an Unknown into a real verdict.

A number that is always confident is easy to produce and impossible to trust. A number that knows when to abstain is the only kind worth putting in front of an auditor, a board, or a decision you'll have to stand behind.
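As an added illustration of the three properties described above (composition across the five domains, decomposition into factors, and abstaining as Unknown when signal is thin), here is example code written for this note, not the scoring implementation behind the product; the domain weights, the coverage threshold and the sample devices are all assumptions, since the note gives none.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed weights for the five domains named in the note; the page gives none.
DOMAIN_WEIGHTS = {"lifecycle": 0.3, "operational_risk": 0.3,
                  "availability": 0.2, "modernization": 0.1, "energy": 0.1}
# Assumed abstention rule: below this share of observed weight, read Unknown.
MIN_COVERAGE = 0.6

@dataclass
class Domain:
    score: Optional[float] = None          # None = no signal seen for this domain
    factors: list = field(default_factory=list)  # the reasons behind the score

@dataclass
class Verdict:
    score: Optional[float]                 # None means Unknown, not a default
    coverage: float                        # share of total weight actually observed
    factors: list                          # every signal that moved the needle

    def explain(self) -> str:
        if self.score is None:
            return f"Unknown: only {self.coverage:.0%} of signal observed"
        return f"{self.score:.2f} because: " + "; ".join(self.factors)

def trust_score(domains: dict) -> Verdict:
    seen = {k: d for k, d in domains.items() if d.score is not None}
    coverage = sum(DOMAIN_WEIGHTS[k] for k in seen)
    factors = [f for d in seen.values() for f in d.factors]
    if coverage < MIN_COVERAGE:
        return Verdict(None, coverage, factors)      # abstain rather than flatter
    # Renormalise over the weight that was actually observed, so an unseen
    # domain neither lifts nor drags the composite.
    composite = sum(DOMAIN_WEIGHTS[k] * d.score for k, d in seen.items()) / coverage
    return Verdict(composite, coverage, factors)

# Constructed sample devices (not real hosts).
EXAMPLE_DEVICE = {
    "lifecycle": Domain(0.2, ["OS three months past end-of-life"]),
    "operational_risk": Domain(0.3, ["management port exposed to the internet",
                                     "disk encryption missing"]),
    "availability": Domain(0.9),
    "modernization": Domain(),
    "energy": Domain(),
}
SPARSE_DEVICE = {k: Domain() for k in DOMAIN_WEIGHTS}
SPARSE_DEVICE["availability"] = Domain(0.9)   # reachable, nothing else seen

if __name__ == "__main__":
    print(trust_score(EXAMPLE_DEVICE).explain())
    print(trust_score(SPARSE_DEVICE).explain())
```

The sparse device has only one domain observed, so it reads Unknown instead of inheriting a flattering composite from the domains nobody looked at.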

Tags: infrastructure trust, trust score, scoring, field notes

Written by

Joe Augustine

Author of the Infrastructure Trust Architecture (ITA) and the Infrastructure Trust Continuous Monitoring model (ITCM) — the standard organizations use to decide whether infrastructure can be trusted.
