Control your products and have all important info in one place
After you have discussed all business risks and bug severities, you can convert them into numbers (weights).
All we need to do is sum all bug severities and multiply the result by business criticality.
WRT = ( (Bug_N * Severity) + (Bug_N+1 * Severity) + ... ) * Business criticality
Let's say we have the "great public site" product with stored XSS, SQLi and Account takeover via Open Redirect.
WRT = ( (XSS) + (SQLi) + (?) ) * Business criticality
If we have a non-typical vulnerability, we must set its severity by using our special page.
From there we get High priority for our Account takeover.
WRT = ( 5 + 10 + 5 ) * 0.9 = 18
We must set the risk appetite based on business risks.
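The WRT calculation above and the comparison against a risk appetite, as an added Python example (not code from this product). The severity labels other than High = 5, the second product, the (0, 1] criticality range and the appetite value of 10 are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Severity label -> weight. The page's example uses the weights 5 and 10 and
# states High for the account takeover (5); every other row is an assumption.
SEVERITY_WEIGHTS = {"low": 1, "medium": 3, "high": 5, "critical": 10}

@dataclass
class Finding:
    name: str
    severity: Optional[str]  # None = non-typical bug with no severity set yet

def wrt(findings, business_criticality):
    """Sum of severity weights multiplied by business criticality."""
    if not 0 < business_criticality <= 1:  # assumed range; the page uses 0.9
        raise ValueError("business criticality expected in (0, 1]")
    total = 0
    for f in findings:
        weight = SEVERITY_WEIGHTS.get((f.severity or "").lower())
        if weight is None:
            # Refuse to score: an unrated bug must not silently count as 0.
            raise ValueError(f"{f.name}: severity not assigned")
        total += weight
    return round(total * business_criticality, 2)

def over_appetite(products, appetite):
    """Return (product, WRT) pairs above the risk appetite, worst first."""
    scored = [(name, wrt(f, crit)) for name, (f, crit) in products.items()]
    return sorted((p for p in scored if p[1] > appetite), key=lambda p: -p[1])

# The page's example product, plus one constructed low-criticality product.
GREAT_PUBLIC_SITE = [
    Finding("Stored XSS", "high"),
    Finding("SQLi", "critical"),
    Finding("Account takeover via Open Redirect", "high"),
]
PRODUCTS = {
    "great public site": (GREAT_PUBLIC_SITE, 0.9),
    "internal wiki": ([Finding("Reflected XSS", "medium")], 0.3),  # constructed
}
RISK_APPETITE = 10  # constructed threshold, not a value from the page

if __name__ == "__main__":
    for name, score in over_appetite(PRODUCTS, RISK_APPETITE):
        print(f"{name}: WRT {score} exceeds risk appetite {RISK_APPETITE}")
```

A finding whose severity has not been set raises an error instead of being scored, so the non-typical bug has to be rated first.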
Example
The target initial (can be changed) risk-appetite will be :