When establishing a vulnerability management process, what ranking scheme is suggested for newly discovered vulnerabilities?

Prepare for the PCI Approved Scanning Vendor (ASV) Test. Study with flashcards, multiple choice questions, hints, and explanations. Get exam ready!

Multiple Choice

When establishing a vulnerability management process, what ranking scheme is suggested for newly discovered vulnerabilities?

Explanation:
Prioritizing vulnerability remediation hinges on severity ranking. When a new vulnerability is found, you need a simple, consistent scale to indicate how urgent the fix is. High, Medium, or Low provides a clear three-level framework that reflects both impact and likelihood of exploitation. A High rating signals serious risk with a good chance of exploitation or significant effect on critical systems, demanding rapid remediation. Medium represents moderate risk that should be addressed in a defined timeframe, while Low covers lesser risk that can be scheduled later. Status-based options like Open/In Progress/Closed don't convey risk or urgency, and terms like Major/Minor aren't the standard way to express vulnerability severity. This severity-based approach aligns with common vulnerability scoring practices and helps focus resources where they matter most.
