Vulnerability management is the process in which vulnerabilities in IT are identified and the risks of these vulnerabilities are evaluated. This evaluation leads to correcting the vulnerabilities and reducing the risk or a formal risk acceptance by the management of an organization (e.g., in case the impact of an attack would be low, or the cost of correction does not outweigh possible damages to the organization). SANS Institute Reading Room.