In this talk, we’ll discuss the necessary evil of the security and engineering world: vulnerability management. We’ll talk about why some parts of it have become bad, what really sucks. Then, we’ll end with the good parts; as well as how we can make our processes better so that security and general engineers alike can weather the vuln-management storm while meeting business needs.