Sally wants to identify a way to prioritize vulnerabilities discovered by her vulnerability scanner. Which of the following options will allow her to prioritize vulnerabilities effectively while taking her own organization’s needs into account?

CVSS environmental scores help organizations take their own requirements and risks into account. That means that Sally can use numeric scores to prioritize risk while using her organization’s needs and unique threat model. Qualitative and quantitative risk assessments are useful, but they are not as well suited to leveraging data from a vulnerability scanner in a timely manner.