To patch all the reported vulnerabilities immediately without further analysis

To calculate the risk score of the vulnerabilities using the Common Vulnerability Scoring System (CVSS)

To assess the impact of potential vulnerabilities on the confidentiality, integrity, and availability (CIA) of the system

To distinguish between false positives and true positives and confirm that the vulnerabilities are genuine