After completing a penetration test, the lead tester is preparing the executive summary. The client's CISO wants to understand the business impact of a critical vulnerability found in the customer-facing web application. Which of the following is the BEST way to convey this in the report?
Select one:
The trap here is that candidates confuse technical severity (CVSS) with business impact, assuming a ...