The purpose of patch management is twofold:

Firstly, it is aimed at providing insight into the current state of vulnerabilities and patches applied within the managed infrastructure.

The second goal is to to create a stable ( safe) system in the most efficient manner with minimal disruption ”
 Whitepaper Patchmanagement – NCSC

The vulnerability scan service gives customers insight in the current state of vulnerabilities per system/application. Vulnerabilities are classified according to the Common Vulnerability Scoring System (CVSS) with rating like Critical, High, Medium, Low and Informational.

This highly level information is required for the risk management and change management processes. System and Application administrators need detailed information to remediate the discovered vulnerabilities. Multiple high level and detailed representations (charts, tables, summaries) of the vulnerability data will be included in the report.

I’ve worked with multiple patch management products and software distribution services and created many custom installation/deployment scripts.

Critical Security Control #3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers