Why many vulnerability management functions are handled by finance or corporate, and not security March 1, 2002