Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review?
A. It has normalized severity ratings.
B. It has many worksheets and practices to implement.
C. It aims to calculate the risk of published vulnerabilities.
D. It requires a robust risk management framework to be put in place.