The OWASP community recently published the Vulnerability Management Guide (OVMG) - essentially a guide to building a vulnerability management process.
Want to take a test to determine if you need a reliable vulnerability management program or not?
Follow the link above.
Vulnerability management is one of the most effective means of controlling cybersecurity risk. Yet, as indicated by the wave of massive data breaches and ransomware attacks, all too often organizations are compromised over missing patches and misconfigurations. Vulnerability management seeks to help organizations identify such weaknesses in its security posture so that they can be rectified before they are exploited by attackers. The OWASP Vulnerability Management Guide (OWASP VMG) project seeks to establish guidance on the best practices that organizations can use establish a vulnerability management program within their organization. The guide provides in depth coverage of the full vulnerability management lifecycle including the preparation phase, the vulnerability identification/scanning phase, the reporting phase, and remediation phase.
OWASP VMG is for technical and non-technical professionals who are on the front line of information security engineering and their managers.