Aaron Kaplan and Frederic Baguelin discuss the importance of identifying and evaluating security vulnerabilities in software development and system management. They highlight the increasing trend of zero-day attacks, which exploit previously unidentified vulnerabilities, and emphasize the need for vigilance and effective methods of triage. The authors outline industry-defined best practices for evaluating and responding to emerging vulnerabilities, including assessing vulnerability severity using the Common Vulnerabilities and Exposures (CVE) Program and the Common Vulnerability Scoring System (CVSS). They also discuss the importance of enriching CVSS scores with additional factors such as exploitability, impact, temporal metrics, environmental metrics, hype, and trendiness. The authors provide guidance on establishing a base score, assessing attack surfaces, evaluating hype and searching for proof-of-concept code, computing enriched scores, and determining next steps in response to emerging vulnerabilities. They also highlight the role of tools such as Datadog's Service Catalog and Incident Management in streamlining the process and improving collaboration among teams.