What changes after this module
Prioritise vulnerabilities using exploitability, exposure, asset value, and operational timing rather than severity labels alone.
Outcome promise
- Explain how to prioritise remediation with context instead of severity alone.
- Choose a sensible response for one vulnerability based on exposure and consequence.
Core model
Use the diagram and terms below as the minimum model you should be able to explain after this module. If you cannot explain the model in plain language, pause here before you move on.
Key terms
- Exploitability
- How feasible it is for the weakness to be used in practice.
- Remediation
- The action taken to reduce or remove the vulnerability.
Check yourself
Answer the prompt before you reveal the check. If you cannot answer it in your own words, revisit the model and the terms once more.
Quick check
Why is a high CVSS score not always the first thing you should fix?
Reveal the answer check
Because reachability, active exploitation, asset importance, and operational consequence may make another issue more urgent in context.
Reflection and evidence
Keep the evidence small. One honest reflection and one small artefact is enough to show that the learning changed how you describe, check, or design something.
Reflection prompt
Think of one open finding you know. What extra context would change how quickly you treat it?
Artefact
A remediation priority note with one vulnerability, one context factor, and one decision.
Optional deeper practice
Open the workspace and compare a few findings using severity, exploitability, exposure, and operational value.
Move through the course
Keep the flow predictable. Stay with the stage sequence unless you have a clear reason to jump around.