[Integrates] Use reachability as a prioritization criterion
Problem to solve
While the "reachable" tag already exists for some vulnerabilities, it is currently not a factor in the prioritization process. This limits flexibility for users who may want to prioritize vulnerabilities differently based on reachability. Adding this factor will allow clients to assign additional priority points—or reduce priority—based on whether a vulnerability is tagged as "reachable."
Intended users
Platform users.
Permissions and Security
N/A.
Proposal
Introduce "reachability" as a criterion in the priority score policies. This feature will allow clients to include reachability as a factor that can modify priority scores, enabling them to add or subtract priority points depending on whether vulnerabilities are tagged as "reachable."
Steps
- Add reachability to the priority score.
- Document the new reachability prioritization and how clients can configure it.
- Make sure that the code contributions checklist has been followed.
What does success look like, and how can we measure that?
Reachability scores are configurable and impact the final vulnerability priority score.