Hi,
I am looking for advice and guidance on the risk scoring best practices for vulnerability response when using a vulnerability triage process.
I am looking at automatically classifying / risk scoring the vulnerabilities based on metrics such as CVSS, Environments etc in an automated way but having the ability to override scoring if one of our vulnerability analysts has triaged the vulnerability and defined the risk to be lower than the automated rating or higher.
Thanks
