PurposeThe purpose of this policy is to establish vulnerability management controls and provide guidelines for their implementation. Vulnerability management encompasses source code, operating systems, runtimes, and devices, and vulnerability scans are performed externally