If you get put in charge of vulnerability management for a large organization with many internet facing websites, you may run into some roadblocks on
1) Determining who owns what websites,
2) What servers host which websites.
3) What virtual IP’s load balance to which internal webserver hosts.
4) Which different outsourced entities have ownership over different websites and IP ranges.
5) Getting a listing of your total internet facing IP ranges.
6) Determining which websites and IP ranges are hosted by your company, and which are 3rd party.
7) Determining which websites process any PCI or PII data.