/VMP

A risk-based vulnerability management policy.

Apache License 2.0

If you have made it to this point, you realize that the status quo of vulnerability management is broken. Programs based on the Common Vulnerability Scoring System (CVSS) result in massive overload, cluttering the backlogs of engineering teams and causing alert fatigue across the organization. Instead of focusing on the biggest risks, enterprises can drive themselves to distraction arguing about minutiae and wasting valuable time and resources on trivial issues. This policy is the result of the realization that change is urgently needed.