A vulnerability management method acquires, during an OS runtime of an information handling system, vulnerability information indicating potentially vulnerable resources of the system. Disclosed methods calculate a vulnerability determination code (VDC) based on the vulnerability information. The VDC may indicate a scan zone that includes one or more scan zone components. Each component may correspond to a region of a potentially vulnerable resource. After a system reset, disclosed methods may perform a vulnerability aware (VA) boot sequence. The VA boot sequence may include, prior to booting a runtime operating system, determining, in accordance with the vulnerability information, whether to perform a comprehensive vulnerability detection (CVD) boot. A CVD boot refers to a boot sequence configured to boot a distinct operating system dedicated to performing a targeted vulnerability assessment that includes scanning the scan zone components indicated by the VDC. This dedicated OS may be implemented as an embedded OS (EOS).