New feature helps security teams cut through the noise with contextualized, customer-specific risk scoring across more than 200 tools

DefectDojo, the pioneer in scalable security, unified vulnerability management and DevSecOps, today announced the launch of risk-based prioritization capabilities for DefectDojo Pro. This new feature enables application and infrastructure security teams to prioritize vulnerabilities based on real-world risk—not just severity scores—using a range of factors including exploitability, reachability, revenue impact, potential compliance penalties, user records and more.

With the number of Common Vulnerabilities and Exposures (CVEs) issued increasing by 20% this year alone, security teams are facing unprecedented volumes of vulnerabilities and alerts. Traditional severity-based scoring from scanners often fails to account for business context, leaving teams overwhelmed and critical risks hidden in the noise. Teams are often left staring at long lists of "critical" and "high" findings without clear guidance on what truly needs to be addressed first. DefectDojo’s new risk-based prioritization addition addresses this gap, offering teams the ability to assess and act based on what truly matters to their organization.

The new engine automatically contextualizes vulnerability scores for each customer, using available metadata to deliver insights that reflect the unique threat landscape and operational realities of each environment. The result is faster, smarter remediation decisions and a major leap forward for risk-based vulnerability management.

"Security teams are already flooded with findings and recent disruptions to the CVE program and the EU’s push for alternative vulnerability coordination have only added to the uncertainty," said Greg Anderson, CEO and founder of DefectDojo. "Our new risk-based capability gives teams the clarity they need to cut through the noise, focus on what’s truly critical and protect their organizations more effectively."

This feature builds on DefectDojo’s commitment to delivering practical, scalable solutions shaped directly by customer feedback. Other recently launched capabilities in the DefectDojo Pro platform include the Rules Engine, which allows teams to automate finding management and remediation workflows without human effort and the universal parser, which ingests data from any tool producing JSON or XML, improving flexibility and integration.

To learn more about DefectDojo and get started with either the OWASP Edition or Dojo Pro, or connect with the team at AppSec EU, contact hello@defectdojo.com.

About DefectDojo

DefectDojo is the engine that drives DevSecOps, providing an open, scalable platform that connects security strategy to execution. By aggregating data from any security tool, automating manual processes, and delivering AI-powered insights, DefectDojo empowers organizations to have a unified view of security posture, automate operations to increase productivity, and improve decision-making. For more information, visit defectdojo.com or follow us on LinkedIn or GitHub.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250513967867/en/