A post on Vulnerability Management this week on the Tripwire blog: https://www.tripwire.com/state-of-security/building-vulnerability-management-program-scratch

Investment in vulnerability scanners is an obvious starting place, but consider the role of your patch management solutions, threat intelligence feeds, and reporting tools and make sure that they fit your organization’s size and needs. 

For me, VM is part of a program that requires much more work than just putting a scanner in place - I hope my post reaches some of the people that need to hear that!