...

EdgeX grades security issues on the CVSS (Common Vulnerability Scoring System) scale.  The four levels are critical, high, medium and low level issues.

SIR Team Member Qualifications

...

The SIR team member brings security knowledge, product experience to comprehend issue ramifications, has contributed to one or more EdgeX components, passion, and a can-do attitude. She/he must honour the requirement to responsibly disclose security (see responsible_disclosure) security issues. Each issue needs to be triaged,  a clear understanding obtained, its criticality determined, and more often than not one or more members of the EdgeX community  approached to develop  a fix or workaroundIn essence not disclose the issue to the public all a fix or workaround is developed and we have had an opportunity to alert known production deployments to apply the fix. The SIR team member will aid in triaging the issue (develop clear understanding,  rank it, assist and/or identify EdgeXers to help develop fix or workaround and document the issue). The SIR team will work with QA and product definition teams roadmap  teams to test fixes, determine release timeline and morerespectively.

Release Specific Known Issues

...