How do you prioritize vulnerability patching when operational uptime is critical and a patch might break the system?