Dan Geer and Risk I/O Data Scientist Michael Roytman are featured in the USENIX Association’s Journal article, "Measuring vs. Modeling." Their article harks back to our long-running theme on focusing on remediating the vulnerabilities which _actually_ generate risk for your environment. Michael and Dan argue that using CVSS as a guide for remediation is not only ineffective at identifying vulnerabilities likely to be exploited, it is also a less cost-efficient way to run a security practice.