TL;DR

  • Risk level combines impact, likelihood, and detectability.
  • A higher risk label means higher downside or weaker control.
  • Use this rubric to interpret risk pages consistently.

How to use this page

  1. Read the risk page for context and evidence.
  2. Use the rubric below to understand the label.
  3. Check mitigation guidance before acting.

Risk factors

  • Impact: how bad is the failure if it happens?
  • Likelihood: how likely is the failure based on evidence?
  • Detectability: how easy is it to notice before damage occurs?

Risk levels

Low

  • Impact is limited or reversible.
  • Likelihood is low or evidence is sparse.
  • Mitigations are straightforward and easy to verify.

Medium

  • Impact is meaningful but not catastrophic.
  • Likelihood is plausible based on signals.
  • Mitigations require process or policy changes.

High

  • Impact is severe or hard to reverse.
  • Likelihood is supported by multiple signals or recent enforcement.
  • Mitigations are complex, costly, or uncertain.

What would change the label

  • New policy updates or enforcement patterns
  • Clearer evidence of frequency or severity
  • Improved official tooling that reduces risk
  • /verify/methodology/
  • /risks/