I am looking to create a report for patch management after accepted risks on certain software version.  For example, I need to use Java 7 Update 67 for some software that is not yet compatible for Java 8.  So I would like to have an "exception report" that shows this list of devices using this outdated version of Java.  Then I would like an adjusted OVAL Device Compliance report that shows vulnerabilities with the accepted risks of the outdated version of Java.  So I would have two OVAL reports - one with the total of all vulnerabilities and one with the total of vulnerabilities that can actually be fixed.
Any suggestions would be appreciated.
0 Comments   [ - ] Hide Comments


Please log in to comment

There are no answers at this time
Answer this question or Comment on this question for clarity