In past few months we have been trying hard to remediate a lot of active vulnerabilities. But when I try to pull a trend the figure do not reflect the work done by the remediation team.
Our approach to remediate the vulnerabilities was composed of patching to latest version (recommended one) & complete removal of software if it was not required.
A detailed analysis of the trend would reveal that Qualys do not count vulnerabilities as fixed for the items that doesn't exist on the system anymore. It stays open with last detected date in past inspite of a rescans. So the trending numbers doesn't reflect the true figures / effort putin by the team.
Can any one suggest how to get the accurate number of fixed issues that also includes vulnerabilities against softwares that have been removed.
Thanks & stay secure,