The data is then analysed to enable a risk based decision.
Factors to consider include;
1. Location of the devices affected by the vulnerability
2. The difficulty of the vulnerability being exploited
3. The importance of the service and its data operating on the affected equipment.
4. The impact of problems with the patching process and unavailability of the service.
5. Recovery time of the service should the vulnerability be exploited.
6. The recovery time if the patch fails.
All of these factors will influence