Embodiments disclosed herein describe one or more servers of an enterprise system that may be configured to receive security and vulnerability information from a plurality of data sources and then rate them based upon their respective variance from an enterprise policy or status quo configuration in a related process area. The servers may execute scoring modules to normalize the data received from the data sources to tailor the system response to a given vulnerability. As such, identified vulnerabilities may be rated according to the needs of the enterprise, rather than being rated according to the factory or default configurations of a particular data source.