Gartner Research

BMC Products for Vulnerability Management

Published: 17 December 2007

ID: G00203375

Analyst(s): Eric Maiwald


BMC Software offers the components of a full agent-based vulnerability management system in an integrated line of products. The products offer extensive workflow and the partnership with eEye Digital Security adds an agentless assessment capability able to pull asset information from BMC Atrium and open tickets in BMC Remedy. All is not perfect, however, because BMC products do not provide a true picture of risk and lack standards support. In this Product Profile document, Senior Analyst Eric Maiwald examines the features and shortcomings of the BMC products for vulnerability management.

Table Of Contents


  • History
  • Integration Between Products
  • Research Team
  • Risk Calculations
  • Workflow
  • Standards
  • Bottom-Line Assessment

The Details

  • Asset Discovery
  • Vulnerability Identification
  • Classification and Prioritization
  • Exception Handling
  • Workflow
  • Remediation
  • Management Capabilities
  • Standards Support
  • A Worked Example
  • Pricing
  • Roadmap


©2021 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Become a client

Learn how to access this content as a Gartner client.