Pakiti provides a monitoring and notification mechanism to check the patching status of systems.
Once installed on a client host, Pakiti will send every night the list of installed packages to the relevant Pakiti Server(s). After the client sends the list of installed packages, Pakiti server compares the versions against versions which Pakiti server obtains from packages repositories (ordinary packages repositories maintained by Linux distribution provider) and OVAL definitions from MITRE. Optionally client reports back the packages which should be upgraded, security updates are specially marked.
Pakiti has a web based GUI which provides a list of the registered systems and the list of the pending patches for them. This helps the system administrator keeping multiples machines up-to-date and prevent unpatched machines to be kept silently on the network.
In addition, a security module in Pakiti is able to distinguish security fixes from normal bug fixes/product improvement for all Linux distributions which has packages repositories based on rpm (yum) or dpkg (apt) and has different location for normal and security updates.
For Linux distributions based on the RedHat and Debian, Pakiti is able to check packages against CVEs (http://cve.mitre.org).