Security Audit calculates an audit score for each API it analyzes, based on the annotations in the OpenAPI definition.
Each API definition gets an initial pool of 100 points, split between the two categories of security risks as follows:
During the audit, each security risk that Security Audit finds in the API definition deducts points according to the impact of the issue, reducing the audit score of the API. In other words, the more points an API definition retains, the better and more secure it is.