When facing growing common CVEs, security professionals want to know two things:

1. Do I have the resources to patch all these?
2. Which vulnerability is the most critical to my organization?

The precision of identifying the risk extent is in direct correlation with the scope of the data input the VPT can access and process, ranging from CVSS score to business risk evaluation and technological context.