I work in a big company and one of my tasks is vulnerability management.
I’m not really experienced in this field, so I’d like to ask you if you can share the methodology you use to perform risk based vulnerability management.
From what I’ve read usually the elements to work with are: CVSS score, involved assets, location (exposed or local).
Is there some kind of workflow / matrix template or something to use to streamline the process?
Can you share your experience?