If your job currently involves analysing security threats and the risk they pose to your company or organisation, in order to determine which vulnerabilities need to be fixed first, this publication from Kenna Security is worth reading.

They tried, scientifically, to formulate insights for predicting and prioritising security threats, based on published vulnerability (CVE) data taken from 2019.

There is no (and shouldn't be a) single answer to which vulnerability management approach to use or how to carry it out. Every organisation is unique, so understanding the concepts and adapting them to your own organisation is a better approach.