A persistent thread mentioned throughout the years on Security Now is exploitation of vulnerabilities caused by lack of installing updates that address known flaws. Has anyone heard of any SAS solution to address this? A security company who you register with to list all your systems/versions could then act as an aggregator or clearinghouse, to provide you with real time updates or more simply real time notifications, respectively. I had seen some products over the years that sort of did some of this, but not anything comprehensive that might provide this as a simple and economic solution. If such a product is/were available insurance companies could force companies to prove they are following best practices by using it and keeping up to date – or else be able to deny insurance claims (as in ransomware insurance).