Defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applicationsand network infrastructures and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and react appropriately.
