| With the rapid development of information technology, information systems applications is constantly expanding, the data information is a strategic resource of the argument has been accepted by the people, protection of information resources and thus become a fundamental and strategic work. More and more enterprises and the user’s computer system is Windows, Linux and other operating systems, patch management system requires a dedicated computer system for the provision of such a large bug fixes security. Foreign patch management software cannot effectively support the Chinese patch repository, while the domestic research and development of the patch management system as vulnerability scanning, vulnerability test results did not realize the different aspects of vulnerability, patch management standardization and standardization.The thesis’ research background is the project source code defect detection platform, for identifying vulnerabilities in the characteristics of the project the way, static analysis, testing and other characteristics, makes use of OVAL vulnerability detection technology for the system scan, and developed a set of test results compared with the OVAL Vulnerability Matching patch management system. This research and design work mainly involves the following three aspects:1. This paper analyzes and studies related to vulnerability and patch theory and technology, OVAL, CVE and the relationship between the two analyzed and discussed the software vendors or security organizations of the patch management process, the research and practice patch management after the final draw the three stages of management process conclusion.2. In the process of patch management system built on the basis of the framework, research and design of the OVAL-based vulnerability detection patch management system for the entire patch management system lays out a complete workflow. The system structure, function modules, and other key technologies described in detail. Construction of the Windows server patch management system, server Linux patch management system, middle management and the client agency, research and solve the middle coordinated management system patch management module, the definition of database server Windows patches, service-side definition of library and other Linux patches Key technologies.3. The system is based OVAL standard way of vulnerability testing and results that will be inter-related vulnerabilities and patches to make patch management standardization and standardization, this proposed future work plan and goals. Further planning and detailed design of the future of the system, research and development of prototype system and applied in practical environments. |