A rating used to calculate vulnerability based on the relative availability of information that discloses a vulnerability. For example, if a vulnerability is disclosed in books or on the Internet, the information factor is rated high. If a vulnerability is not well-known and little or no documentation on the vulnerability exists, information is rated low.