Blog

Updates on what we ship and how we think about public hardening checks—not penetration testing.

Run the scanner from the homepage; ship fixes faster with stack guides.

RSS feed

May 16, 2026
CVE pages, second pass: keyword search, AI interpretation, and broader NVD coverage
The Latest CVE notices page and per-CVE detail pages got a substantial rebuild this week: keyword and ID search across the full NVD catalog, a new Newest tab for fresh disclosures regardless of severity, plain-English plus technical AI summaries on every detail page, and faster load times via deferred rendering. Awareness coverage now extends well past the curated CISA KEV slice.
Read more
May 8, 2026
Scorifya is now on the iOS App Store
Scorifya for iOS pairs with the web product so you can run a public hardening scan from your phone, browse the latest CISA KEV CVEs on the go, and manage your watch list without opening a laptop. Free to download, free to scan; Pro unlocks higher limits via Apple in-app purchase.
Read more
May 5, 2026
When to run another scan (deploys, DNS, or a new app)
A short playbook for coming back to Scorifya after the kinds of changes that usually move TLS, headers, or mail DNS—so your score matches what visitors actually see.
Read more
April 29, 2026
Wave 3 progress: watched domains live; email digest and Sign in with Apple coming next
Watched domains are live for signed-in users — Free can watch one, Pro supports many more (fair-use cap), with automatic weekly re-scans. The weekly KEV digest and Sign in with Apple are next on the roadmap.
Read more
April 28, 2026
Wave 2 shipped: per-CVE pages, per-check guides, stack guides, and RSS
We turned the existing scan vocabulary into real, indexable pages: every KEV CVE has a /cve/[id] page, every finding id with hand-tuned guidance has a /checks/[id] page, and four stack guides under /guides reuse the same content blocks.
Read more
April 27, 2026
Wave 1 shipped: free Pro trial, shareable scan permalinks, and embeddable score badges
Pro now starts with a 7-day free trial (no card required). Every scan can become a public, indexable permalink at /r/[token] with a dynamic OG image, plus an SVG score badge you can paste anywhere.
Read more
April 27, 2026
Share permalink lifetimes now scale by plan
Anonymous scan permalinks now persist for 1 day, signed-in free accounts for 5 days, and Pro for 30 days. Same indexable /r/[token] page, same SVG badge — just lifetime tuned to how the share is most likely to be used.
Read more
April 26, 2026
New page: Latest CVE notices (CISA Known Exploited Vulnerabilities feed)
Scorifya now publishes a Latest CVE notices page sourced from CISA’s Known Exploited Vulnerabilities catalog feed, with the latest 50 notices, built-in search, and vendor advisory links where available.
Read more
April 26, 2026
Fix Priority Engine: rank remediation by impact, severity, and effort
Scorifya now surfaces a Top Fixes First list that ranks findings by potential score impact, then severity, then likely effort, with a projected score estimate and confidence note.
Read more
April 22, 2026
Deeper TLS snapshots, robots.txt, and more passive DNS signals in every scan
What we added: bounded TLS 1.2/1.3 handshake views and curated cipher probes, robots.txt hygiene, CAA plus MTA-STS and TLS-RPT when MX exists, BIMI on the apex label, and richer security.txt fields—still passive, still explained on the methodology page.
Read more
April 13, 2026
TLS versions, certificate expiry, and HTTPS redirects in one browser-style check
Why teams bundle TLS hygiene with headers and DNS when they want a release-week score—not a raw certificate dump or a disconnected header list.
Read more
April 12, 2026
DMARC, SPF, and what a public scan can infer about email posture
How passive DNS fits a website hardening score: what we read from TXT and MX without sending mail, and why p=none versus reject still shows up in your scorecard context.
Read more
April 11, 2026
How to check if your site sends an HSTS header (and what “preload” means)
A practical mental model for Strict-Transport-Security: what scanners can observe on first request, how preload lists differ from a one-line header, and where Scorifya surfaces copy-ready fixes.
Read more
April 10, 2026
Smarter hardening checks: fix what matters first
Scorifya now surfaces the most impactful issues first, with clearer severity labels and copy-ready config examples—still a public hardening check, not a penetration test.
Read more

Blog

Updates on what we ship and how we think about public hardening checks—not penetration testing.

Run the scanner from the homepage; ship fixes faster with stack guides.

May 16, 2026

CVE pages, second pass: keyword search, AI interpretation, and broader NVD coverage

The Latest CVE notices page and per-CVE detail pages got a substantial rebuild this week: keyword and ID search across the full NVD catalog, a new Newest tab for fresh disclosures regardless of severity, plain-English plus technical AI summaries on every detail page, and faster load times via deferred rendering. Awareness coverage now extends well past the curated CISA KEV slice.

May 8, 2026

Scorifya is now on the iOS App Store

Scorifya for iOS pairs with the web product so you can run a public hardening scan from your phone, browse the latest CISA KEV CVEs on the go, and manage your watch list without opening a laptop. Free to download, free to scan; Pro unlocks higher limits via Apple in-app purchase.

May 5, 2026

When to run another scan (deploys, DNS, or a new app)

A short playbook for coming back to Scorifya after the kinds of changes that usually move TLS, headers, or mail DNS—so your score matches what visitors actually see.

April 29, 2026

Wave 3 progress: watched domains live; email digest and Sign in with Apple coming next

Watched domains are live for signed-in users — Free can watch one, Pro supports many more (fair-use cap), with automatic weekly re-scans. The weekly KEV digest and Sign in with Apple are next on the roadmap.

April 28, 2026

Wave 2 shipped: per-CVE pages, per-check guides, stack guides, and RSS

We turned the existing scan vocabulary into real, indexable pages: every KEV CVE has a /cve/[id] page, every finding id with hand-tuned guidance has a /checks/[id] page, and four stack guides under /guides reuse the same content blocks.

April 27, 2026

Wave 1 shipped: free Pro trial, shareable scan permalinks, and embeddable score badges

Pro now starts with a 7-day free trial (no card required). Every scan can become a public, indexable permalink at /r/[token] with a dynamic OG image, plus an SVG score badge you can paste anywhere.

April 27, 2026

Share permalink lifetimes now scale by plan

Anonymous scan permalinks now persist for 1 day, signed-in free accounts for 5 days, and Pro for 30 days. Same indexable /r/[token] page, same SVG badge — just lifetime tuned to how the share is most likely to be used.

April 26, 2026

New page: Latest CVE notices (CISA Known Exploited Vulnerabilities feed)

Scorifya now publishes a Latest CVE notices page sourced from CISA’s Known Exploited Vulnerabilities catalog feed, with the latest 50 notices, built-in search, and vendor advisory links where available.

April 26, 2026

Fix Priority Engine: rank remediation by impact, severity, and effort

Scorifya now surfaces a Top Fixes First list that ranks findings by potential score impact, then severity, then likely effort, with a projected score estimate and confidence note.

April 22, 2026

Deeper TLS snapshots, robots.txt, and more passive DNS signals in every scan

What we added: bounded TLS 1.2/1.3 handshake views and curated cipher probes, robots.txt hygiene, CAA plus MTA-STS and TLS-RPT when MX exists, BIMI on the apex label, and richer security.txt fields—still passive, still explained on the methodology page.

April 13, 2026