Please describe vulnerability/patch management process for the system (how patches are identified, tested, and installed)?

We have a continuous build process with automated testing and a bug reporting mechanism where the user or person who reports the bug is able to hold it open or close it.