The 17 Blockers (which in this case were security issues that made the application vulnerable) were up first. After that, SonarQube was configured to do a code analysis every day and to be intolerant of new issues - as no more technical debt was to be built up.
The next step was much more difficult to identify. Should you deal with the issues by level of severity? At first you might think so - and that would be a completely classic approach. But it would take a great amount of time and maybe you then wouldn't have time to fix all the remaining issues before your next release? If you have too much to do it's important to use your time wisely.
But is there a better way to prioritize technical debt then? Of course there is, and I will tell you about it below.