>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

16.6Establish and Maintain a Severity Rating System and Process for Application Vulnerabilities

IG2
IG3
Documentation
Govern

>Control Description

Establish and maintain a severity rating system and process for application vulnerabilities that facilitates prioritizing the order in which discovered vulnerabilities are fixed. This process includes setting a minimum level of security acceptability for releasing code or applications. Severity ratings bring a systematic way of triaging vulnerabilities that improves risk management and helps ensure the most severe bugs are fixed first. Review and update the system and process annually.

>Cross-Framework Mappings

SCF

RSK-01
Compare
RSK-01.1
Compare
RSK-02
Compare
RSK-02.1
Compare

>Relevant Technologies

Technology-specific guidance with authoritative sources and verification commands.

SonarQube

Ask AI

Configure your API key to use AI features.