You're a Senior Backend Engineer responsible for a critical microservice. Your team has identified three high-priority tasks: a security vulnerability fix (CVSS 9.8), a performance optimization that could reduce latency by 30% for 50% of users, and a new feature requested by a key customer that promises a 15% revenue increase. All tasks require significant engineering effort and cannot be done simultaneously. How do you prioritize these, and what framework or methodology do you use to justify your decision to stakeholders?
final round · 5-7 minutes
How to structure your answer
I'd use a modified RICE (Reach, Impact, Confidence, Effort) framework, with security prioritized first.
- Step 1: Address the CVSS 9.8 security vulnerability immediately. This is a critical P0 item: its 'Impact' (data breach, reputational damage, regulatory fines) is catastrophic, and 'Confidence' in its necessity is 100%.
- Step 2: Evaluate the remaining two using RICE. Compare 'Reach' (50% of users) and 'Impact' (30% latency reduction) for the performance optimization against 'Reach' (key customer) and 'Impact' (15% revenue increase) for the new feature. 'Effort' would be estimated for both.
- Step 3: Present this data-driven prioritization to stakeholders, emphasizing the immediate security risk mitigation and then the quantified business value of the subsequent tasks.
Sample answer
I would prioritize these tasks using a hybrid approach, starting with immediate risk mitigation for the security vulnerability, then applying a modified RICE (Reach, Impact, Confidence, Effort) framework for the remaining items. The CVSS 9.8 security vulnerability is a P0 item; its 'Impact' (potential data breach, regulatory fines, reputational damage) is catastrophic, and 'Confidence' in its necessity is absolute. This must be addressed first, as it poses an existential threat to the service and company. Once the security fix is deployed, I'd apply RICE to the performance optimization and new feature. For performance, 'Reach' is 50% of users, 'Impact' is a 30% latency reduction, 'Confidence' in these metrics is high, and 'Effort' would be estimated. For the new feature, 'Reach' is a key customer, 'Impact' is a 15% revenue increase, 'Confidence' in the revenue projection would be assessed with sales, and 'Effort' estimated. I would then present this data-driven prioritization to stakeholders, emphasizing the immediate security risk mitigation and then the quantified business value and user experience improvements of the subsequent tasks, ensuring transparency and alignment.
Key points to mention
- Immediate prioritization of critical security vulnerabilities (CVSS 9.8).
- Use of a structured prioritization framework (e.g., RICE, WSJF, MoSCoW).
- Quantification of business impact (revenue, user experience, risk).
- Communication strategy for stakeholders.
- Consideration of dependencies and resource allocation.
- Understanding the trade-offs involved.
Common mistakes to avoid
- ✗ Prioritizing a new feature over a critical security vulnerability.
- ✗ Failing to use a structured prioritization framework.
- ✗ Not quantifying the impact or effort of each task.
- ✗ Making assumptions without consulting relevant teams (e.g., security, product, sales).
- ✗ Lack of clear communication with stakeholders.
- ✗ Treating all 'high-priority' tasks as equally urgent.