Software vulnerability detection in managed networks

US11423155B2 · US · B2

Patent metadata
Publication number: US-11423155-B2
Application number: US-201916554218-A
Country: US
Kind code: B2
Filing date: Aug 28, 2019
Priority date: Aug 28, 2019
Publication date: Aug 23, 2022
Grant date: Aug 23, 2022

Abstract

Official abstract text for this publication.

A system may include persistent storage containing representations of configuration items discovered in a managed network, where the configuration items include computing devices and software applications installed on the computing devices. One or more processors may be configured to: (i) obtain results of a vulnerability analysis performed on a software application, where the results indicate that the software application exhibits a vulnerability, (ii) determine a count of computing devices on which the software application is installed, (iii) calculate a security threat score for the vulnerability, where the security threat score is based on a severity factor of the vulnerability and the count of computing devices, (iv) provide, to a first entity, a first indication of the software application and the vulnerability, and (v) provide, to a second entity, a second indication of the software application, the vulnerability, and the security threat score.

First claim

Opening claim text (preview).

What is claimed is:

1. A system comprising: persistent storage containing representations of configuration items discovered in a managed network, wherein the configuration items include computing devices deployed within the managed network, software applications installed on the computing devices, and relationship data mapping the software applications to the computing devices on which they are installed; and one or more processors configured to: obtain results of a vulnerability analysis performed on a software application discovered in the managed network, wherein the results indicate that the software application exhibits a vulnerability, and wherein the vulnerability is associated with a severity factor that indicates criticality of the vulnerability; determine, from the representations of configuration items in the persistent storage, a count of computing devices on which the software application is installed; calculate a security threat score for the software application having the vulnerability, wherein the security threat score is at least based on the severity factor of the vulnerability and the count of computing devices; provide, to a first entity associated with development of the software application, a first indication of the software application and the vulnerability; and provide, to a second entity associated with operation of the managed network, a second indication of the software application, the vulnerability, and the security threat score.

2. The system of claim 1, wherein obtaining results of the vulnerability analysis performed on the software application comprises obtaining results of a static or dynamic code analysis performed on source or object code of the software application, wherein the static or dynamic code analysis is performed by a third-party vulnerability detection tool that is integrated with the system.

3. The system of claim 1, wherein obtaining results of the vulnerability analysis performed on the software application comprises obtaining results of a vulnerability scan of the software application as deployed in the managed network, wherein the vulnerability scan is performed by a third-party vulnerability detection tool that is integrated with the system.

4. The system of claim 1, wherein the vulnerability is also associated with an exploitability factor that indicates a skill level required to exploit the vulnerability, and wherein the security threat score is also based on the exploitability factor.

5. The system of claim 4, wherein the security threat score is also based on an exposure factor that represents ease of access to exploiting the vulnerability.

6. The system of claim 1, wherein the security threat score is scaled by a multiplicative factor representing a logarithmic function that grows with the count of computing devices.

7. The system of claim 6, wherein the logarithmic function is based on a partial sum of a harmonic series up to the count of computing devices.

8. The system of claim 1, wherein the security threat score is also provided to the first entity.

9. The system of claim 1, wherein the first indication and the second indication take a form of email, text message, telephone call, or web-based graphical user interface.

10. The system of claim 1, wherein the one or more processors are further configured to: calculate a service-level security threat score for a networked service provided by the managed network, wherein the networked service involves the software application having the vulnerability, wherein the networked service is defined by a set of the configuration items and relationships therebetween as indicated by the relationship data, and wherein the service-level security threat score is based on severity factors associated with the set of the configuration items.

11. A computer-implemented method comprising: obtaining results of a vulnerability analysis performed on a software application discovered in a managed network, wherein the results indicate that the software application exhibits a vulnerability, wherein the vulnerability is associated with a severity factor that indicates criticality of the vulnerability, wherein persistent storage contains representations of configuration items discovered in the managed network, and wherein the configuration items include computing devices deployed within the managed network, software applications installed on the computing devices, and relationship data mapping the software applications to the computing devices on which they are installed; determining, from the representations of configuration items in the persistent storage, a count of computing devices on which the software application is installed; calculating a security threat score for the vulnerability, wherein the security threat score is at least based on the severity factor of the vulnerability and the count of computing devices; providing, to a first entity associated with development of the software application, a first indication of the software application and the vulnerability; and providing, to a second entity associated with operation of the managed network, a second indication of the software application, the vulnerability, and the security threat score.

12. The computer-implemented method of claim 11, wherein obtaining results of the vulnerability analysis performed on the software application comprises obtaining results of a static or dynamic code analysis performed on source or object code of the software application, wherein the static or dynamic code analysis is performed by a third-party vulnerability detection tool that is integrated with a remote network management platform that is associated with the managed network.

13. The computer-implemented method of claim 11, wherein obtaining results of the vulnerability analysis performed on the software application comprises obtaining results of a vulnerability scan of the software application as deployed in the managed network, wherein the vulnerability scan is performed by a third-party vulnerability detection tool that is integrated with a remote network management platform that is associated with the managed network.

14. The computer-implemented method of claim 11, wherein the vulnerability is also associated with an exploitability factor that indicates a skill level required to exploit the vulnerability, and wherein the security threat score is also based on the exploitability factor.

15. The computer-implemented method of claim 14, wherein the security threat score is also based on an exposure factor that represents ease of access to exploiting the vulnerability.

16. The computer-implemented method of claim 11, wherein the security threat score is scaled by a multiplicative factor representing a logarithmic function that grows with the count of computing devices.

17. The computer-implemented method of claim 16, wherein the logarithmic function is based on a partial sum of a harmonic series up to the count of computing devices.

18. An article of manufacture including a non-transitory computer-readable medium, having stored thereon program instructions that, upon execution by a computing system, cause the computing system to perform operations comprising: obtaining results of a vulnerability analysis performed on a software application discovered in a managed network, wherein the results indicate that the software application exhibits a vulnerability, wherein the vulnerability is associated with a severity factor that indicates criticality of the vulnerability, wherein persistent storage contains represe
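Worked example of the scoring the claims describe, added here and not taken from the patent or from ServiceNow's product: a severity factor (claim 1), optional exploitability and exposure factors (claims 4 and 5), and a multiplicative scale equal to the harmonic partial sum H(n) over the install count (claims 6 and 7), with the two indications of claim 1 and the service-level score of claim 10. The product form of the factors, the summation for the service-level score, and the relationship data are assumptions; the claims only say the score is "at least based on" these inputs.

```python
from dataclasses import dataclass

@dataclass
class Vulnerability:
    app: str                 # software application (configuration item) it was found in
    vuln_id: str             # identifier from the scanner; constructed placeholder here
    severity: float          # criticality factor, e.g. 0..10
    exploitability: float = 1.0  # claim 4: skill needed to exploit (1.0 = no reduction)
    exposure: float = 1.0        # claim 5: ease of access (1.0 = no reduction)

# Constructed relationship data, standing in for CMDB records that map
# each software application to the computing devices it is installed on.
INSTALLED_ON = {
    "payroll-web": {"host-01", "host-02", "host-03", "host-04"},
    "ldap-sync": {"host-02"},
}

def harmonic_number(n: int) -> float:
    """Partial sum H(n) = 1 + 1/2 + ... + 1/n (claim 7); grows like ln(n)."""
    return sum(1.0 / k for k in range(1, n + 1))

def install_count(app: str, relationships=INSTALLED_ON) -> int:
    """Distinct computing devices on which the application is installed (claim 1)."""
    return len(relationships.get(app, set()))

def threat_score(v: Vulnerability, relationships=INSTALLED_ON) -> float:
    """Severity x exploitability x exposure, scaled by H(install count) (claims 4-7).
    The product form is an assumption; the claims only say 'at least based on'."""
    n = install_count(v.app, relationships)
    if n == 0:          # not installed anywhere in the managed network
        return 0.0
    return v.severity * v.exploitability * v.exposure * harmonic_number(n)

def indications(v: Vulnerability, relationships=INSTALLED_ON):
    """Claim 1: the development entity is told about the app and the vulnerability;
    the operations entity additionally receives the score."""
    score = round(threat_score(v, relationships), 3)
    dev = {"to": "development", "app": v.app, "vulnerability": v.vuln_id}
    ops = {"to": "operations", "app": v.app, "vulnerability": v.vuln_id, "score": score}
    return dev, ops

def service_threat_score(vulns, relationships=INSTALLED_ON) -> float:
    """Claim 10: one score for a networked service spanning several configuration
    items. Summing the per-application scores is an assumption."""
    return sum(threat_score(v, relationships) for v in vulns)
```

With this data a severity-7 finding on the four-host application outscores a severity-9 finding on a single host (7 x H(4) = 14.58 against 9 x H(1) = 9), which is the prioritisation effect the logarithmic scaling is meant to produce without letting install count dominate linearly.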

Assignees

Servicenow Inc

Classifications

  • G06F21/577 (Primary): Assessing vulnerabilities and evaluating computer system security

  • Test or assess software

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11423155B2 cover?
A system may include persistent storage containing representations of configuration items discovered in a managed network, where the configuration items include computing devices and software applications installed on the computing devices. One or more processors may be configured to: (i) obtain results of a vulnerability analysis performed on a software application, where the results indicate …
Who is the assignee on this patent?
Servicenow Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/577. Mapped technology areas include Physics.
When was this patent published?
Publication date Aug 23, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).