Merge pull request #208 from corrupt/patch-1

Added Generation of patch management statistics

Author: wurstbrot

src/assets/YAML/default/TestAndVerification/Consolidation.yaml

@@ -51,6 +51,30 @@ Test and Verification:
       isImplemented: false
       evidence: ""
       comments: "The [DefectDojo-Client](https://github.com/SDA-SE/defectdojo-client/tree/master/statistic-client) generates statistics from OWASP DefectDojo and places the results in a [github repository](https://github.com/pagel-pro/cluster-image-scanner-all-results)."
+    Generation of Patch Management Statistics:
+      risk: Delays in patch response lead to an increased attack surface through longer exposure of known vulnerabilities.
+      measure: Average time to patch is visualized per component/project/team.
+      difficultyOfImplementation:
+        knowledge: 2
+        time: 2
+        resources: 1
+      usefulness: 2
+      level: 3
+      dependsOn:
+      - A patch policy is defined
+      - Automated PRs for patches      
+      implementation:
+      - $ref: src/assets/YAML/default/implementations.yaml#/implementations/owasp-defectdojo
+      - $ref: src/assets/YAML/default/implementations.yaml#/implementations/purify
+      - $ref: src/assets/YAML/default/implementations.yaml#/implementations/business-friendly-vulnerability-metrics
+      references:
+        samm2:
+        - I-DM-3-B
+        iso27001-2017:
+        - 16.1.4
+      isImplemented: false
+      evidence: ""
+      comments: ""
     Definition of quality gates:
       risk: Improper examination of vulnerabilities leads to no visibility at all.
       measure: |-