Beyond severity: triaging CVEs by what they actually entail
CISA moves federal vulnerability management off CVSS severity and onto real-world risk with new directive. We agree with that direction, and it mirrors how we think about CVEs: severity is one dimension among several, and runtime context is what narrows the list to the vulnerabilities that matter for your specific use.