Steeper learning curve than PTES or OWASP - The rav calculation, while valuable, can be complex to implement - Less widely adopted in North American commercial pentesting - Can feel academic compared to the practical focus of PTES