Typically, assigning a risk rating to the vulnerability involvesa risk analysis based upon factors such as impact and exposure.Business CasesFor the security test metrics to be useful, they need to provide value back to the organizations security test datastakeholders, such as project managers, developers, information security offices, auditors, and chief information officers.The value can be in t