Reporting helps the system admins understand the current security state of an organization, the areas that are still unsecure, and points out the person who is responsible for that. Reporting also gives something tangible to management so that they can associate it with the future direction of the organization.

Remediation starts the actual process of ending the cycle of vulnerability management. Remediation compliments this by coming up with solutions to the threats and vulnerabilities that are identified. All of the vulnerable hosts, servers, and networking equipment are tracked down and the necessary steps are established to remove the vulnerabilities as well as protect them from future exploits. It is the most important task in the vulnerability management strategy and if well—executed, vulnerability management is termed to be a success. Activities in this task include the identification of missing patches and checking for available upgrades to all systems in an organization. Solutions are also identified for the bugs that were picked up by scanning tools. Multiple layers of security such as antivirus programs and firewalls are also identified at this stage. If this phase is unsuccessful, it makes the whole vulnerability management process pointless.