I've always thought this should be a canned report but after wanting it for a while I finally dug in on how to do it. All of the previous reports I could find were pre-10.0 so the SQL report examples I could find examples of no longer worked.
The below report will list missing patches per device that is actually missing patches. You can remove the P.SEVERITY != 'low' if you are interested in those patches as well, depending on if you are detecting them.
I hope this helps someone out there.