...

The SIR team should periodically monitor the security issues and vulnerabilities pages of the third-party dependencies and trigger the response procedures when a new issue is discovered that has not yet been handled in EdgeX.

For now, the SIR team relies largely on two products to scan for and detect security vulnerabilities: Snyk and Clair scan. Once an issue is found, the SIR team will follow the steps described in "Response Procedures".

Issue Levels

Issues that are deemed high, medium or low will be addressed as part of the planning for the next EdgeX release.

...