Check out our free Google Doc template for building a risk-based vulnerability management policy, including:

A detailed methodology for calculating the risk posed by software vulnerabilities.

Clearly-defined roles and responsibilities for business and security leaders.

Easily modifiable entries that allow for customization based on your technology products, organizational structure, and risk appetite and tolerance.

Step-by-step instructions for how to configure the policy based on the above.