We are trialling Vulnerability Manager Plus.
To comply with Cyber Essentials we need to ensure that we update all software within 14 days of release, particularly if:
Fixes vulnerabilities labelled by the vendor as ‘critical’ or ‘high risk’
Addresses vulnerabilities with a CVSS v3 base score of 7 or above
No vulnerability details were provided by the vendor
How can we either report on this or better still, configure a dashboard for this?