◦ CVSS high (7-10) vulnerabilities identified prior to release, through internal testing or from an external source, is remediated immediately.

◦ CVSS medium (4 - 6) vulnerabilities identified after a release will be patched in minor release.

◦ CVSS low vulnerabilities will be patch on subsequent quarterly release.