Is there a better way of tracking and patching software security vulnerabilities?

Currently, my company is manually looking up our software packages on the National Vulnerability Database website (  We are then taking that list of software that has vulnerabilities and writing SQL Queries into our Microsoft (SMS) Systems Management Server database to find out which clients have which software versions that contain vulnerabilities.  We then have to create a .MSI file with the latest version of the software without the vulnerability and push it out to clients.  Our Operating System Patches are handled fine by WSUS via GPO's it's just every other application that presents this tedious process.  Is there some kind of better product or method that would allow us to streamline this process?
Who is Participating?
sjklein42Connect With a Mentor Commented:
Check out this site:

I use the free online scan.  You'll probably need the full CSI product.
Patchlink (now owned by Lumension) and Shavlik (now owned by VMware) are considered the Best of Breed in this space.
Secunia CSI is a great compliment to WSUS.  We also use Nessus which has a WSUS plugin which will query the WSUS server and see what patches have or have not been applied to your clients.  
Check out:
TheToneAuthor Commented:
I love the way Secunia automatically can update outdated apps with security patches.  Good find.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.