The OpenSSL (QID-38602) vulnerability is creating lot of confusion in our environment. We do weekly external scan, the OpenSSL vulnerabilities are not showing in every report. It is showing up in few weeks report and not showing in few weeks report. It is very inconsistent. The server owner are confirmed that the vulnerabilities are closed by installing necessary patches with screen shots. But it is still reporting on my scan. Can any other experiencing the same issue or any one can help me understand why it is? The point to be noted is, it is external scan using Qualys External scanner.