Publisher Summary This chapter discusses the elements and aspects of an effective vulnerability management program. It covers setting goals for the program and the need to get buy-in from senior management. It highlights the importance of communication and of including all parties (lines of business, IT, and security) if a program is to succeed. Vulnerability management is composed of six stages: identification, assessment, remediation, reporting, improving, and monitoring. The chapter explains the intricacies of each stage and suggests best practices for each. It briefly explains governance and its impact on a vulnerability management program, as well as the role regulations play in elevating IT governance within corporate America. It shows how to measure a vulnerability management program and provides examples of how to do this. It then discusses a more effective approach, measuring the maturity of a vulnerability management program, and a method for determining the current state of a program. Vulnerability management is best defined as the overall process of managing the risk presented to an enterprise by vulnerabilities, whether they are software or hardware related. Vulnerability management ties directly into vulnerability discovery and vulnerability assessment in many ways, and depends greatly on the patch management process as well.