Public standards, like CVSS, attempt to capture the score of a vulnerability, while vendors use their own criteria from high/medium/low to complex algorithms. Do these systems deliver on their goal? Do these ratings accurately represent risk in an environment? Join us as we discuss what these metrics really mean, and how to determine what vulnerabilities present the greatest risk.