How to read these cards. Each vendor is a collectible trading card — inspired by the comics and card games the creator grew up with. Click any card to flip it and see the detailed view on the back.
Front side: The monogram and security grade (A through F) are at the top. Five horizontal bars rate patch velocity, disclosure quality, resilience, CVE posture, and concentration risk. The facts strip shows raw numbers. Cards with a gold border and holographic shimmer are WR Featured — these include a one-sentence practitioner editorial take.
Back side: The detailed view shows the vendor's risk profile as card "abilities." The symbols in the top-right encode deployment complexity — more symbols mean a larger attack surface. The gem next to the type line indicates tier (gold = universal infrastructure, silver = sector-critical, dark = category leader). The colored pips at the bottom rate incident behavior: React (did they detect it first?), Respond (how did they handle disclosure?), Resilient (how fast did customers recover?).
Scoring: Grades are computed from Mean Time to Patch (30%), CISA KEV count (25%), zero-day exploits (20%), critical CVE ratio (15%), and trend (10%). Data sourced daily from the National Vulnerability Database and CISA KEV feeds. Editorial ratings (React, Respond, Resilient) are assigned manually by wangreport.com after real incidents — no algorithm produces these.
Mana symbols (top-right of back): The colored circles encode deployment complexity and sector personality, MTG-style. The COUNT (2-5 pips) reflects tier — Tier 1 universal infrastructure gets 4 pips, Tier 3 category leaders get 2. High-risk vendors (grade D or F) get one extra pip. The COLOR encodes sector character: U blue = intelligence/trust (endpoint, identity, email), G green = resilience/perimeter (network, devops, itsm), W white = scale/governance (cloud, ERP, payments, healthcare, insurance), B black = visibility/secrets (siem), R red = physical danger (OT/ICS). So AWS shows four W's (cloud, Tier 1) and SentinelOne shows two U's (endpoint, Tier 3).
CISO Alert Mode: Press this button to filter the view to only vendors with active CISA Known Exploited Vulnerabilities or recent zero-day exploits. Use it when you need to see which vendors in your stack have active threats right now.
Vendor packs: Some vendors have multiple distinct products with separate security profiles. Look for the "N modules" badge — click "View modules" below the card to see individual product cards, each with their own grade. The parent card shows the worst-of score across all modules.