Thanks for replying Darren. As you can probably understand, it's very messy for all of us to create a "fix type' field using the recommendation field and is tough to maintain at a reliable level due to lack of consistency in wording. I  also have the same challenge determining security impact type(remote code exec, info disclosure, etc) as we are required to produce metrics on that data as well.

Back to the "fix type" field. We determine this value in excel. I'm sharing with you and the rest of the community just in case anyone needs some more ideas on how to be decently accurate and to aslo clarifiy what we are looking for.

Our possible values for this field are:

To determine this field we have two other fields..one to determine if there is a patch, and one to determine if there is a config change.

Where Cell AJ5 is the recommendation text

:Patch

=IF(COUNT(SEARCH({"not aware of a patch","patch is not applicable","patch is not yet available","unaware of any vendor-supplied patch","unaware of any fix ","unware of any vendor supplied patch","not aware of a vendor-supplied patch","not aware of a vendor supplied patch","unware of any vendor-supplied patch","not aware of any patches","not provide a patch"," unaware of a vendor-supplied patch"},AJ5)),"N",IF(COUNT(SEARCH({"a fix that can be applied","Security updates available","has provided a patch","has supplied a patch","driver update","has released an update","has issued patch","Fix Pack","Vendor updates are available","vendor has made an update available","Bulletin/MS","Download the patch","has provided patching","patch is available","has provided patch","released patches","has patched this flaw","resolves this issue"},AJ5)),"Y",IF(COUNT(SEARCH({"has released the update","oracle.com/technetwork","has released a patch","apache.org/dist/apr/","Updating to version","made updates available","vendor has made patches","issued a patch","install the latest patch","vulnerability is fixed","has released the updated version","ibm.com/aix/efixes","vmware.com/security/advisories","Download the latest version","upgrade","Update Apache","Update to","Update Sun","Download the lastest","Download version","recommends upgrading","Update OpenSSL","Update Wireshark","install the latest version","Update JBoss","wireshark.org/download","Patches for this issue can be downloaded"},AJ5)),"Y","N")))

:Config

=IF(COUNT(SEARCH({"no available workaround"},AJ5)),"N",IF(COUNT(SEARCH({"recommended to remove","workaround","steps","instructions","configuration","Disable","configuring","password","Registry edit"},AJ5)),"Y","N"))

Our fix type field uses the following logic:

If Config=No,Patch=No then No Fix/Unknown

if Config =No,Patch=Yes then Patch or Configuration Change

If Config=Yes,Patch=No then Configuration  Change

If Config=Yes,Patch=Yes then  Patch

Overall I believe that the mcafee scanning side of product works pretty well.

If you add some fields as recommended, you can save myself and your other customers alot of time paining through excel,access, or scripting to show the results we need appropriately.