Putting system owners in Security Bug Jail

A security bug jail is a development practice where system owners cannot work on new features if their system has more than a set number of active security vulnerabilities (for example, a limit of 3). This approach prevents security debt (accumulated unfixed flaws) from growing uncontrollably over time by forcing teams to prioritize fixing existing security issues before adding new functionality.