My concern here is the 'proprietary algorithm' for computing the priority score. I'm not sure I'm comfortable with security scoring methodologies being treated as secrets. Leads me to wonder if they're actually good/useful/correct.
Severity scores are not enough for effective prioritization. @snyksec's new Priority Score is a comprehensive and contextual scoring system for vulnerabilities, designed to help teams quickly assess and prioritize fixes, more on this here snyk.io/blog/snyks-developerβ¦
Jul 23, 2020 Β· 9:03 AM UTC
2