Commit 5831a63

authored
Update vulnerability-management.md
1 parent 81e1c07 commit 5831a63

1 file changed

+2
-0
lines changed

docs/baselines/vulnerability-management.md

@@ -11,6 +11,8 @@ The links embedded in the checklist below are to recommended approaches that can
1111
- [ ] Automate asset discovery
1212
- [ ] Validate internet-facing asset ownership and daily discovery with the WA SOC.
1313
- [ ] Implement fortnightly [asset fingerprinting and discovery](https://www.runzero.com/docs/discovering-assets/) across all network connected devices. Use an approach like [fragile device scans](../guidelines/runzero-ot.md) for scanning Operational Technology (OT) or across fragile networks.
14+
- [IVRE (GPL-3.0 license, self-hosted)](https://ivre.rocks) or [runZero](https://www.runzero.com) are high performance asset discovery and fingerprinting platforms that can scan the full IPv4 address space on a weekly basis.
15+
- The [WA Government Vulnerability Scanning Platform](https://www.wa.gov.au/organisation/department-of-the-premier-and-cabinet/vulnerability-scanning-service) has [Discovery Scans](https://www.wa.gov.au/organisation/department-of-the-premier-and-cabinet/vulnerability-scanning-service) available however these need scoping to subnets for performance.
1416
- [ ] Implement daily active [Web](https://www.tenable.com/products/tenable-io/web-application-scanning) & [Basic Network Scans](https://docs.tenable.com/nessus/Content/ScanAndPolicyTemplates.htm#Scanner_Templates) across internet-facing assets
1517
- [ ] Implement Cloud Security Posture Management (CSPM) to inventory and assess all public cloud resources (example controls to assess: [Microsoft cloud security benchmark (v1)](https://learn.microsoft.com/en-us/security/benchmark/azure/overview) ).
1618
- [ ] [Tenable CSPM](https://docs.tenable.com/cloud-security/Content/About/AboutTenablecs.htm) supports AWS, Microsoft Azure, and GCP
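
Review bot: In the second added line, the links for "WA Government Vulnerability Scanning Platform" and "Discovery Scans" point to the same URL, so the second link adds nothing; link "Discovery Scans" to its own documentation or drop the duplicate link. The same line needs punctuation before "however", and "need scoping to subnets for performance" would be more useful if it said how to scope (for example a suggested subnet size per scan). In the first added line, "can scan the full IPv4 address space on a weekly basis" sits under a checklist item that asks for fortnightly discovery, and it is not clear whether "full IPv4 address space" means the organisation's own ranges; state the scope and align the cadence wording with the parent item. Both added lines use a plain "-" bullet while the existing Tenable CSPM line uses "- [ ]", so confirm they are meant as notes rather than checklist items.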