Tracking Security Vulnerability remediation

Posted by Zypher on Server Fault
Published on 2010-06-12T05:55:30Z Indexed on 2010/06/12 6:03 UTC

I've been looking into this for a little while, but haven't really found anything suitable.

What I am looking for is a system to track security vulnerability remediation status. Something like "Bugzilla for IT".

What I am looking for is something pretty simple that allows the following:

  • Batch entry of new vulnerabilities that need to be remediated
  • Per user assignment
  • AD/LDAP Authentication
  • Simple interface to track progress - research, change control status, remediated, etc.
  • Historical search ability
  • Ability to divide by division
  • Ability to store proof of resolution for the Security Team to access
  • Dependency tracking
  • Linux based is best (that's my group :) )
  • Free is good, but cost doesn't matter so much if the system is worth it

The system doesn't have to have all of these features, but if it did, that would be great.

Yes, we could use our helpdesk software, but that has a bunch of pitfalls, such as triggering SLA alerts and penalties, as well as not being easily searchable outside of a group.

Most of what I have found are bug tracking systems that are geared towards developers, and are honestly way overkill for what I am looking for.

Server Fault's input is greatly appreciated as always!
