Computers, computer systems, and the applications running thereon are becoming increasingly complex. In addition, with the advent of the Internet and other modern networking technology, computers have become increasingly interconnected and remote accessibility of individual computers and computer networks has become more and more common. In part as a result of this complexity, the number of computer security vulnerabilities that need to be addressed continues to increase. For example, in the year 2000 alone, 650 operating system vulnerabilities were identified, including 126 in the Windows 2000/NT platform and another 46 in the Windows 9x platform. The Computer Security Institute reported 417 vulnerabilities for the year 1999, 1090 vulnerabilities for the year 2000, 2,437 in 2001, and a projected 4000+ vulnerabilities in 2002. Given these trends, it has become increasingly difficult to protect computers from security breaches via these vulnerabilities. Moreover, the task of maintaining security for these computer systems and/or networks has become increasingly burdensome and difficult.
Currently, organizations typically use vulnerability scanning software or managed security providers to test computers for security weaknesses. These tools generally provide detailed information on the vulnerabilities found in the computing environment, but provide limited means for correcting or resolving the detected vulnerabilities. In order for an organization to remove identified vulnerabilities, it typically must expend a large amount of labor and resources to identify and/or create a remediation for each vulnerability then even more labor to install the vulnerability remediation on the affected computers. Often, this involves visiting each individual computer and manually applying the necessary remediation. In addition, once the remediation is applied, a user can easily remove it, or install additional software that invalidates the remediation, thereby wasting all of the effort expended in performing the remediation.