Not every vulnerability can be of the same severity level. Vulnerabilities are usually classified in various categories, such as critical, high, medium, low, and informational. However, the ones with critical and high severity levels need to be given priority action. This metric gives a quick overview of all the open critical and high vulnerabilities within the organization. This helps the management in prioritizing vulnerability remediation. Data for this metric can be published and compared on a quarterly basis, with the value for every quarter ideally lesser than the previous one.