Tracking Device Vulnerabilities
Phase 4 — Monitoring & Policies · OpenFrame Onboarding
Knowing what's installed is half the picture (the Software tab); knowing what's risky is the other half. The Vulnerabilities tab on a device cross-references that installed software against known security issues, so you can catch exposure before it becomes an incident. This guide covers reading it.
Where it is
Open a device from Devices, then the Vulnerabilities tab on its detail page. It works hand-in-hand with the Software tab's per-app Security column — Vulnerabilities is where a flagged app's detail lives.
Reading the results
- No Vulnerabilities Found — the clean state: "All installed software is up to date and secure." Nothing flagged for this device.
- Vulnerabilities listed — each flagged item points back to installed software with a known issue, so you can see which app and version is exposing the machine.
Because the check is driven by the device's actual software inventory, a device that's fully patched and current shows clean, while one running outdated software surfaces here.
Turning findings into action
Vulnerabilities tracking is a monitoring activity — it belongs to the same "get ahead of problems" mindset as the rest of Phase 4:
- Remediate the source. A flagged app usually means an out-of-date version. Update or remove it (a script from Phase 5 is often the fastest fix across machines).
- Confirm patch posture. Cross-check the device's Compliance tab (patch status) — many vulnerabilities trace back to missing patches (see Device Compliance & Evidence, Phase 9).
- Make it routine. Scan vulnerabilities as part of your regular health pass, not just after an alert — that's the whole point of proactive monitoring.
Quick checklist
- Opened a device's Vulnerabilities tab
- Read the state — No Vulnerabilities Found vs. flagged items
- Traced any finding back to the installed software behind it
- Planned remediation (update/remove, often via a script)
- Cross-checked patch status on the Compliance tab
- Folded vulnerability review into your regular monitoring routine
What's next
Vulnerabilities and patching connect straight to compliance and audit evidence: Device Compliance & Evidence (Phase 9) shows patch status, applied policies, and compliance checks in one place.
Based on OpenFrame v0.9.19. Vulnerability detection depends on the software inventory and evolves between releases — what's in your console wins. This sensitive area touches security posture; treat findings as a prompt to verify, not a guarantee of complete coverage.
