I work as an Engineering Director for a large software company and manage multiple products. For every release, my applications need to go through a security process. We have lots of external/homegrown tools for finding security vulnerabilities. Once we find the vulnerabilities, we track the risks per project/per release in Jira which is not very efficient since Jira is essentially a bug tracking system.<p>Over a period of time, it becomes quite challenging to manager open risks and prioritizes. I wanted to explore how other people are tracking open risks? Which system do you guys use, is there any standard tool that is more efficient?<p>Thanks for the help.