• Request consultation
  • Newsletter
  • Deutsch Deutsch German de
  • English English English en
  • Italiano Italiano Italian it
  • Nederlands Nederlands Dutch nl
Greenbone
  • Products
    • OPENVAS BASIC
      • OPENVAS BASIC: Order
    • OPENVAS SCAN
    • Upcoming Solutions
      • OPENVAS SECURITY INTELLIGENCE
      • OPENVAS AI
    • Solutions for Your Sector
      • Educational Sector
      • Healthcare Sector
      • Public Sector
    • Technology
      • Feed Comparison
      • Product Comparison
        • OPENVAS vs. Nessus
      • Roadmap & Lifecycle
  • Service & Support
    • Technical Support
    • Self-Learning Courses
    • Documents
  • Events
    • Cybersec Europe 2026
    • Webinars
  • Partners
    • MSSP
  • About Greenbone
    • Careers
    • Contact
  • Blog
    • Know-how
      • Attack Vector Timeline
      • Cyberattacks and Defense
      • Cyber Defense Security
      • Cyber Resilience Act
      • Data Security
      • Digital Operational Resilience Act
      • Exposure Management
      • IT and Information Security
      • NIS2 Directive
      • Open Source Vulnerability Management
      • The Vulnerability Timeline
  • Click to open the search input field Click to open the search input field Search
  • Menu Menu
  • Products
    • OPENVAS BASIC
      • OPENVAS BASIC: Order
    • OPENVAS SCAN
    • Upcoming Solutions
      • OPENVAS SECURITY INTELLIGENCE
      • OPENVAS AI
    • Solutions for your sector
      • Educational Sector
      • Healthcare Sector
      • Public Sector
    • Technology
      • Feed Comparison
      • Product Comparison
        • OPENVAS vs. Nessus
      • Roadmap and Lifecycle
    • Request IT Security
  • Service & Support
    • Technical Support
    • Self-Learning Courses
    • Documents
  • Events
    • Cybersec Europe 2026
    • Webinars
  • Partners
    • MSSP
  • About Greenbone
    • Careers
    • Contact
    • Newsletter
  • Our Blog
    • Know-how
      • Attack Vector Timeline
      • Cyberattacks and Defense
      • Cyber Defense Security
      • Cyber Resilience Act
      • Data Security
      • Digital Operational Resilience Act
      • Exposure Management
      • IT and Information Security
      • NIS2 Directive
      • Open Source Vulnerability Management
      • The Vulnerability Timeline
  • German
  • English
  • Italian
  • Dutch
Greenbone AG

The Missing Handoff: How KIX and Greenbone Turn Vulnerability Scans Into Action

Blog

Greenbone, home of OPENVAS, and KIX Service Software

For the first time, attackers are exploiting unpatched vulnerabilities more often than they’re stealing credentials. According to Verizon’s 2026 Data Breach Investigations Report, vulnerability exploitation now accounts for 31% of breaches, ahead of credential theft at 13%. And the gap is moving in the wrong direction for defenders: the median time to fully patch a vulnerability climbed to 43 days, up from 32 the year before, while organizations patched only 26% of the vulnerabilities on CISA’s Known Exploited Vulnerabilities list, down from 38% in 2024 (we broke down what’s driving this shift here).

Scanners aren’t the bottleneck here. Finding a vulnerability and actually fixing it have turned into two separate problems, and the second one is losing ground.

Two trend charts: median time to fully patch a vulnerability rose from 32 days in 2025 to 43 days in 2026, while the share of known exploited vulnerabilities actually patched fell from 38 percent in 2024 to 26 percent in 2026.

Median time to fully patch a vulnerability
2025
 
32 days
2026
 
43 days
+11 days, 34% slower
Known exploited vulnerabilities actually patched
2024
 
38%
2026
 
26%
−12 points
Source: Verizon 2026 Data Breach Investigations Report

Detection was never the hard part

Greenbone’s OPENVAS has spent nearly two decades getting good at the first half: scanning a network, identifying what’s exposed, and scoring how dangerous it is. Elmar Geese, Greenbone’s CEO, likes to compare it to a swarm of robots checking every door and window in a house. They’re fast and thorough, and when they find a broken lock, they sound the alarm.

But an alarm only matters if someone acts on it. In most organizations, that’s where things stall. A scan result lands in a report, or an inbox, or a spreadsheet nobody opens until the next audit. Someone has to read it, work out what it actually means for their specific systems, decide who owns the fix, and turn that into a tracked piece of work with a deadline. That step requires security expertise that not every IT team has sitting around, and it’s exactly where things get lost: severity gets misjudged, tickets get duplicated or never created, ownership gets argued over after the fact instead of decided up front.

This is the part of vulnerability management that doesn’t show up in scanner marketing, but it’s where most of the real delay lives.

What the integration actually changes

KIX CEO Rico Barth puts it simply: the partnership closes the gap “between the detection and the resolution of vulnerabilities.” That gap is where a security finding used to need a translator. Now it doesn’t.

KIX, the open-source ITSM platform, and Greenbone have built a direct line between the two halves of the problem. When OPENVAS flags a vulnerability, it doesn’t generate a report and stop there. It opens a ticket in KIX automatically: classified as a security incident, tied to the specific device or software it affects, and sent to the team that owns that asset. The fix-it workflow, with deadlines, reminders, and escalations, starts the moment the vulnerability is confirmed, not whenever someone gets around to reading the scan output.

It also means an IT admin opening a ticket isn’t starting from zero. The asset, the affected system, who needs to be told, and how this fits into everything else currently open are all sitting right there. Nobody has to cross-reference three different tools to figure out what’s actually going on.

Flow diagram showing urgency decreasing as a vulnerability moves from detection, in red, to an automatically created ticket, in amber, to tracked resolution, in green.

Vulnerability detected
Flagged the moment a scan completes
 
 
 
Ticket auto-created
Classified and linked to the asset
 
 
 
Tracked to resolution
Deadlines, reminders, and escalation

The bonus nobody asked for: finding the stuff you didn’t know you had

There’s a side effect that turns out to matter almost as much as the ticketing itself. OPENVAS scans more than the systems IT already knows about. It finds the laptop a department bought without asking IT, or the server someone spun up two years ago and forgot about. That inventory now flows straight into KIX’s asset database.

Shadow IT is usually framed as a policy problem. In practice, it’s a visibility problem that gets worse as networks grow. Greenbone customers are routinely surprised by what shows up the first time their environment gets properly scanned. Folding that discovery into the same system that already handles tickets and ownership means an unknown device gets absorbed into the normal IT process right away, instead of sitting in its own blind spot.

Why this matters more given who’s actually doing the work

IT and security teams are stretched thin almost everywhere, and the manual interpretation step in vulnerability management has always assumed there’s enough specialized staff to do it well. That assumption is getting shakier every year. Take away the step where a human has to manually triage, classify, and route every finding, and smaller or generalist IT teams no longer need to borrow security expertise they didn’t have in-house just to keep up.

It also helps with something that eats more time than it should: proving you did the work. Documentation, deadlines, and resolution history land automatically in KIX, which makes audits against frameworks like NIS-2, ISO 27001, or BSI-Grundschutz considerably less painful, since the evidence trail already exists instead of getting reconstructed after the fact.

Try it where it counts

If your team is running OPENVAS and KIX separately today, or evaluating either one, this integration is worth a closer look specifically because it removes a step rather than adding one. Get in touch with us to see how the handoff from scan to fix works in your own environment, and what it would take to set up. And if you’re not scanning with OPENVAS yet, OPENVAS BASIC is a reasonable place to start before connecting the rest.

KIX Service Software logoAbout KIX Service Software

KIX develops and markets the IT service management software of the same name, one of the leading open-source ITSM systems on the market. Founded in 2006, the company employs more than 50 people across Germany and serves over 400 customers across industries for IT service management and technical support. More at kixdesk.com.

Greenbone logoAbout Greenbone

Greenbone develops OPENVAS, the most widely used open-source solution for vulnerability management, with more than 100,000 installations worldwide. Founded in 2008 and based in Osnabrück, Greenbone focuses on proactive IT security and data sovereignty through fully on-premises deployment. Greenbone is certified to ISO 9001, ISO 27001, and ISO 14001. More at greenbone.net.

 

Contact Test Now Buy Here Back to Overview
7. July 2026/by Greenbone AG
Share this entry
  • Share on LinkedIn
  • Share by Mail
https://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.png 0 0 Greenbone AG https://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.png Greenbone AG2026-07-07 08:38:382026-07-07 10:38:33The Missing Handoff: How KIX and Greenbone Turn Vulnerability Scans Into Action

Search

Search Search

Archive

  • 2026
  • 2025

Newsletter

Subscribe Now

OPENVAS BASIC

Our entry-level enterprise product

Test 14 Days Free of Charge

Products & Solutions

  • OPENVAS PRODUCTS
  • OPENVAS SECURITY INTELLIGENCE
  • OPENVAS SCAN
  • OPENVAS BASIC
  • OPENVAS FREE
  • OPENVAS AI
ISO9001-EN

Service & Support

  • Technical Support
  • FAQ
  • Documents
  • Warranty
  • Open Source Vulnerability Management
  • Cyber Resilience Act
ISO27001-EN

About us

  • About Greenbone
  • Partners
  • MSSP
  • License information
  • Privacy Statement
  • Terms & Conditions
ISO14001-EN

Contact with us

  • Contact
  • Newsletter
  • Media Contact
  • Careers
  • Security Response
  • Imprint
  • Grounding Page

Community

  • Community Portal
  • Community Forum
© Copyright - Greenbone AG 2020-2026
  • Link to LinkedIn
Link to: Cisco Enterprise Devices: More Critical Flaws and Active Exploitation in June 2026 Link to: Cisco Enterprise Devices: More Critical Flaws and Active Exploitation in June 2026 Cisco Enterprise Devices: More Critical Flaws and Active Exploitation in June...
Scroll to top Scroll to top Scroll to top
Contact
Request IT Security Contact Us Subscribe to Newsletter Follow on LinkedIn