Organizations are routinely required to present their risk and security posture to customers, management, and auditors. There are a myriad of vulnerability datasets and online risk scoring tools available, but how can you use them to your advantage? This talk will focus on not only getting those troublesome scores and online databases to cooperate, but also setting them up to do your work for you. We will review current standard data sources and scoring models; various ways common environmental factors mitigate risk and how they apply in CVSS scoring calculations; and how to aggregate and use the results to inform security decisions within your organization.