The expression description and the example don't match.
Perhaps more importantly the example of 1-(A/B) provides a nicer target but the description results in the inverse.
This metric measures the percentage of critical vulnerabilities that are not fixed or marked as accepted within the time specified by policy.
Percentage: 100 * A/B
A = Number of unaccepted critical or high vulnerabilities with an age greater than the policy defined maximum age
B = Total number of critical or high vulnerabilities within this period
Example:
Percentage: 100 * 1-(A/B)
A = Number of deployed production appliances with unaccepted critical
or high vulnerabilities with an age greater than the policy defined
maximum age
B = Total number of deployed production applications
The expression description and the example don't match. Perhaps more importantly the example of 1-(A/B) provides a nicer target but the description results in the inverse.