Abstract
The Common Vulnerabilities and Exposures (CVE) database lists a large number of vulnerabilities that are present in specific versions of software libraries and applications. Although there is a severity ranking, it does not immediately follow that an identified vulnerability with high severity will be particularly important for a specific application. This paper presents the motivation for CVE prioritization for a given case and outlines a process for evaluating the priority of CVEs via risk assessment simulations.