How would you assess the severity of a newly identified vulnerability and decide on mitigation steps?