@Limax Well, that's the essence of risk management. For the purpose of DevOps we don't need fully quantified RM, it's sufficient to know "vulnerable software increases likelihood of breach".