I have combined the patch availablity option along with exploitability to prioritize vulnerabilities. I sent this report to operations teams indicating these were quick wins. In reality, their time was wasted as the report lists vulnerabilities without taking into account the operating system detected by credetialed scans. For example, Microsoft may have patchs available for almost every flavor of OS but the one runnign on the identified server. Actually, why are reports polluted with patch links for operating systems that are not running on the server anyhow?