I've typically used a dynamic search list for "patch available" when creating reports.
The problem with this approach is the report doesn't include things that are configuration issues
QID 70003 Null Session / Passwod netbios access
qid 27210 unauthenticated access to ftp server allowed
qid 38304 ssh protocol version 1 supported
qid 100012 Insecure MIcrosoft Internet Explorer Intranet Zone User Setting Detected.
Using 'no patch available' in an exclusion search list has similar results. that's kind of expected.
Is there any way to JUST exclude the zero days, and the items the vender hasn't patched yet?