A financial institution is preparing to implement a vulnerability management program to enhance its cybersecurity posture.

As part of this process, the organization evaluates potential vulnerability management reporting and communication inhibitors.

Within this context, why could a memorandum of understanding $($MoU$)$ between the financial institution and a third$-$party vendor be a common inhibitor to effective vulnerability management reporting and communication? $($Select two.$)$

An MoU ensures that the financial institution can shift the responsibility of vulnerability management to the third$-$party vendor.

An MoU may not clearly define the roles and responsibilities of each party for vulnerability management.

An MoU can facilitate collaboration and information$-$sharing between the financial institution and the thirdparty vendor.

An MoU may include restrictions on sharing information about vulnerabilities.

An MoU normally does not outline items such as uptime, data access, and response times involved with mitigating vulnerabilities.