Tiers - DTVSS Commercial Licensing

Commercial tiers

DTVSS is offered in four tiers. Tier 1 is the public research preview at this site. Tier 2 unlocks the optional patent embodiments under a commercial licence. Tier 3 will be a white-glove managed service operated on the customer's behalf, currently in development. Tier 4 is a self-operated platform with login, dashboard, and agent integration. This page covers Tier 3 and Tier 4.

Tier 1 - Available now

Public research preview

Search, score, calibrate. Free. Non-commercial. The full deterministic engine over public sources.

Tier 1 · explore →

Tier 2 - Available now

Patent embodiments unlocked

Environment-adjusted exploitability (claim 8), temporal decay L_eff (claim 9), organisational risk scaling ORS (claim 17). Same deterministic engine, more of it.

Tier 2 · request pricing →

Reproducibility boundary

Across every tier, the DTVSS score itself is computed by the deterministic engine described in the patent specification, from publicly available data sources, without operator configuration. Two independent implementations will produce the same score for the same CVE on the same day.

In Tier 3 and Tier 4, AI agents prepare inputs to the engine. Examples include proposing a TGA class for a newly published device, summarising an ICSMA advisory, and drafting a remediation brief. A human approves before any value is written to the index. Agents do not compute, modify, or override DTVSS scores. The patent's reproducibility claim is preserved.

Tier 3 Coming soon

Managed agent service

DTVSS operated on your behalf. New ICSMA advisories are triaged, classifications are proposed and validated against regulator databases, and prioritised briefs are delivered to your clinical engineering and risk management teams. No infrastructure to deploy. No accounts to manage. Includes everything in Tier 1 and Tier 2.

H-classification assistance. Each newly published device is matched to TGA / Medsafe / EU MDR / MHRA / FDA classification with citations to the regulator entry. Class proposed; you sign off.
Advisory triage briefs. Each ICSMA advisory affecting a tracked device produces a one-page brief with the DTVSS score, KEV / EPSS context, affected models, mitigations, and SLA recommendation per the published thresholds.
Patent embodiments included. ZTA exploitability adjustment, temporal decay, and organisational risk scaling applied where appropriate to the customer's fleet. Computation deterministic; parameters disclosed.
Delivery channel of your choice. Email, secure download, or PDF delivery. No customer-side login or integration required.
Human-in-the-loop on every write. No agent output is published or scored without inventor sign-off.

Tier 3 · register interest →

Tier 4 Design partners - early access

Self-operated platform

Everything in Tier 3, but operated by your team inside a tenant you control. Login, dashboard, agent integration, and an API for pulling DTVSS scores into your own workflows. Available to design partners under early-access terms while the platform is built out.

Authenticated dashboard. Per-tenant view of the customer's fleet, advisory feed filtered to tracked devices, classification queue, brief archive, and scoring history.
Agent integration in-tenant. H-classification and triage agents run in the customer's tenant against the customer's fleet, with the same human-in-the-loop approval gate.
API access. Programmatic DTVSS lookup, fleet-aware ORS computation, and webhook notifications for KEV matches against tracked devices. Score computation remains deterministic; the API exposes the engine, not the agents.
Audit trail. Every classification decision, every score recomputation, every agent proposal and human approval recorded for ISO 14971 alignment.
Design partner terms. Reduced fee for early-access partners in exchange for feedback on the dashboard and agent UX. Limited cohort.

Tier 4 · apply for early access →

Tier 3 capabilities in detail

Three operational capabilities sit on top of the deterministic scoring engine, with explicit human approval gates.

Capability 1

H-classification

Maps an affected device from an ICSMA advisory to its TGA / FDA / MDR / MHRA / Medsafe classification. Output: proposed H value (2.0 / 5.0 / 7.5 / 10.0) with regulator-database citation. Human approves before write.

Capability 2

Advisory triage

Composes a one-page brief per relevant advisory: device, vendor, DTVSS score, KEV / EPSS context, affected models, mitigations, recommended SLA tier. Brief is reviewed before delivery.

Capability 3

Fleet prioritisation

Applies the optional organisational scaling step from the patent (ORS = DTVSS × F(N)) to the customer's fleet, producing a ranked queue. Computation deterministic; F(N) and N disclosed.

What Tier 3 and Tier 4 do not change

The DTVSS formula. No tier modifies the multiplicative scoring function from claim 3, the calibration of k = 15, or the KEV override.
The H spacing. Class I = 2.0, IIa = 5.0, IIb = 7.5, III = 10.0 are fixed per the patent and apply identically across tiers.
The data sources. CVE discovery from CISA ICSMA. Scoring inputs from NVD / MITRE / CISA Vulnrichment, EPSS, and the KEV catalog. No proprietary feeds in the scoring path.
Reproducibility. A second implementation of DTVSS, given the same CVE on the same day and the same H, will produce the same score regardless of tier.

Engagement model

Both Tier 3 and Tier 4 begin with a discovery conversation to scope the customer's fleet, regulatory jurisdictions, and delivery requirements. A statement of work follows. Tier 4 design-partner onboarding is staged against the platform roadmap.

Pricing is set per engagement. Both tiers require a commercial licence under the Business Source License 1.1 terms.

Start a conversation →

Intellectual Property

Patent Pending - IP Australia
DTVSS™ - Trademark pending
© 2026 Andrew Broglio. All rights reserved.
Licensed under Business Source License 1.1 (BSL 1.1)
Non-commercial use permitted. Commercial licence required for production use.

RESEARCH PREVIEW - Tier 1 is a non-commercial research demonstration. Not a certified medical device risk management tool. Commercial licence required for production use.