vulnerability-management

# Vulnerability Management

End-to-end vulnerability lifecycle from discovery through remediation and verification.

## When to Use This Skill

**Keywords:** vulnerability management, CVE, CVSS, remediation, patching, risk prioritization, EPSS, KEV, vulnerability disclosure, bug bounty, patch management, vulnerability scanning, asset inventory

**Use this skill when:**

- Setting up vulnerability management programs
- Interpreting CVSS scores and metrics
- Prioritizing vulnerability remediation
- Designing patch management processes
- Implementing vulnerability disclosure programs
- Managing bug bounty programs
- Tracking CVE/CWE/NVD data
- Creating SLA policies for remediation

## Quick Decision Tree

1. **Understanding vulnerability scores?** → See [CVSS Scoring](#cvss-scoring-overview)
2. **Prioritizing what to fix first?** → See [Risk-Based Prioritization](#risk-based-prioritization)
3. **Designing remediation workflow?** → See [references/remediation-workflow.md](references/remediation-workflow.md)
4. **Setting up disclosure program?** → See [Vulnerability Disclosure](#vulnerability-disclosure)
5. **CVSS calculation details?** → See [references/cvss-scoring.md](references/cvss-scoring.md)

## Vulnerability Lifecycle

```text
┌─────────────────────────────────────────────────────────────────┐
│               VULNERABILITY MANAGEMENT LIFECYCLE                 │
├─────────────────────────────────────────────────────────────────┤
│                                                                  │
│  DISCOVER ──▶ ASSESS ──▶ PRIORITIZE ──▶ REMEDIATE ──▶ VERIFY   │
│      │          │           │              │            │        │
│      ▼          ▼           ▼              ▼            ▼        │
│  ┌───────┐  ┌───────┐  ┌────────┐    ┌────────┐   ┌────────┐   │
│  │Scanner│  │CVSS   │  │Risk    │    │Patch/  │   │Rescan/ │   │
│  │Pentest│  │Context│  │Matrix  │    │Config  │   │Validate│   │
│  │Bug    │  │Assets │  │EPSS+KEV│    │Mitigate│   │Close   │   │
│