A vulnerability management (VM) program is an InfoSec team’s continuous responsibility to mitigate risks in the organization’s network in concert with management oversight balanced with business operations. VM is the foundation of a security program where the focus is on finding, categorizing, and assessing network assets for risk.