Creating a Patch and Vulnerability Management Program