-
Notifications
You must be signed in to change notification settings - Fork 267
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature request #236
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Can we get remediation reporting that talks about patches, configurations and/or software currency instead of vulnerabilities?
Fact is, nobody outside of security cares about vulnerabilities. In fact vulnerabilities are just the symptom of a faulty underlying service. VM is oversight on patch management, configuration management, and software currency. It would be fantastic to get remediation reports that tell them what patch, etc. the remediation team needs to do to fix it. The remediation recommendation behind the scenes provides priority based on vulnerability, but the remediation team doesn't need to know that. In fact installing a patch is often a many to one solution, where the patch will fix many vulnerabilities or varying severities. But as long as the urgent one is addressed the others are a matter of convenience. To be effective security needs to speak the common language of IT since they are the most common recipients of our outputs. Can we stop navel gazing an engage.
The text was updated successfully, but these errors were encountered: