We did make a database with only the vulnerabilities that are present on our systems. We added data fields for each VulnID that give us the Manufacturer, Impacted Product, Remediation (Patch, Software Removal or Configuration Adjustment), and the Patch Number.
The easiest way to get the patch number for Microsoft and Adobe vulnerabilities is to get the patch number from the title between the "( )", e.g. "(MS00-000) - Title of the vulnerability".
We only have to enter the data for newly discovered vulnerabilities (that could easily be entered from McAfee when they update the database).
After all that, it is easy to create a reporting system that gives you the missing patches, the unwanted software and the configuration adjustments for any system.
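
The approach described in the post above, sketched as an added example (not the poster's own code): pull the patch number out of the leading "( )" in each title and group remediations per system. The catalogue layout, the sample rows, the function names and the Adobe `APSByy-nn` pattern are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Bulletin ID in the leading parentheses of a title, e.g. "(MS00-000) - Title".
# Assumption: Microsoft IDs look like MSyy-nnn and Adobe IDs like APSByy-nn.
BULLETIN_RE = re.compile(
    r"^\s*\(\s*(MS\d{2}-\d{3}|APS[AB]\d{2}-\d{2,3})\s*\)", re.IGNORECASE)

def patch_number(title):
    """Return the bulletin ID from a vulnerability title, or None if absent."""
    m = BULLETIN_RE.match(title)
    return m.group(1).upper() if m else None

# Constructed catalogue: VulnID -> (manufacturer, impacted product, remediation)
CATALOGUE = {
    1001: ("Microsoft", "Windows", "patch"),
    1002: ("Adobe", "Reader", "patch"),
    1003: ("ExampleSoft", "Toolbar", "removal"),
    1004: ("Microsoft", "IIS", "configuration"),
}

# Constructed scan findings: (system, VulnID, title as reported by the scanner)
FINDINGS = [
    ("srv01", 1001, "(MS00-000) - Title of the vulnerability"),
    ("srv01", 1003, "ExampleSoft Toolbar installed"),
    ("ws07", 1002, "(APSB00-00) - Constructed Adobe title"),
    ("ws07", 1004, "Directory listing enabled"),
    ("ws07", 1001, "(MS00-000) - Title of the vulnerability"),
    ("ws07", 1005, "Unknown (see vendor) issue"),
]

def build_report(findings, catalogue):
    """Per system: missing patches, software to remove, config adjustments."""
    kinds = ("patch", "removal", "configuration", "uncatalogued")
    report = defaultdict(lambda: {k: set() for k in kinds})
    for system, vuln_id, title in findings:
        entry = catalogue.get(vuln_id)
        if entry is None:
            # Newly discovered VulnID: still needs its data fields entered.
            report[system]["uncatalogued"].add(vuln_id)
            continue
        vendor, product, remediation = entry
        if remediation == "patch":
            item = patch_number(title) or f"VulnID {vuln_id} (no patch number)"
        else:
            item = f"{vendor} {product}"
        report[system][remediation].add(item)
    return {s: {k: sorted(v) for k, v in r.items()} for s, r in report.items()}

if __name__ == "__main__":
    for system, rows in sorted(build_report(FINDINGS, CATALOGUE).items()):
        print(system, rows)
```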