Decision Matrix

Turn vulnerability signals into the right defender action.

Use this page when a CVE or advisory has several signals and you need to choose patch, mitigate, detect, monitor, validate, or escalate without overreacting.

Decision rule: urgency is not one score. Combine exploitation, exposure, affected version, patch availability, business impact, source confidence, and operational risk before assigning work. When scores disagree, use Disputed CVSS Guidance before setting priority.

Action Lanes

Choose the lane that best matches the evidence

Evidence Checklist Patch vs Mitigate Escalation Ladder Open playbooks

Signal Combinations

Common patterns and the safer default action

Copy Blocks

Plain-language snippets for tickets and handoffs

Recommended use: open this page from a detail record, check the priority model, pick the lane, gather evidence, then use Playbooks or the relevant tool to prepare the actual handoff.

Evidence Checklist Priority Model Patch vs Mitigate Responsible KEV Escalation Ladder Handoff Center Open Playbooks Tools Hub