2. Subscribe to an RSS feed to find new exploits
How are you checking that your unresolved vulnerabilities have not become more of a risk?
Sites like Exploit Database, and many similar, provide information on new known exploits for active vulnerabilities.
A known exploit for a vulnerability within your digital estate can change the risk rating considerably, but static vulnerability information, such as those in spreadsheets and ticketing systems, does not get updated with this new context automatically.
This information can be subscribed to, using an RSS feed, or by checking back at regular intervals.
The CVE numbers associated with each exploit will allow you to check your records to see if any new updates affect your existing vulnerabilities.