The process of vulnerability management (VM) can seem complex but the benefits are significant. There is little doubt that vulnerabilities, misconfigurations, and patches will not end anytime soon. Early in the formation of the VM industry, the process of scan, remediate, verify, and repeat was viewed as proactive security. The simple idea was to identify the vulnerabilities before the enemy could, and clean them up. For years this approach was accepted as common sense.