Company85 interview question

How would you implement a vulnerability management program for a startup?