Regarding improvements I would like to see in Qualys Policy Compliance, there are a couple of vulnerabilities where the metrics that are already there and the way Qualys measures those metrics and labels them as critical, high, or low does not align with my understanding from a user standpoint. Every time, I have to put in a false positive. Since I have been doing that for the past one year, the same vulnerability tends to pop up and they mark it as critical. Qualys needs to update and rediscover those weaknesses and re-label them. I understand what the company design and what the tool does, but it takes some time for us to manage those things. In terms of missing features that I would like to see included in Qualys Policy Compliance, I do not think there are any. The feature does what we require and does the job. If there were some sort of reporting that fulfills auditor's requirements, particularly if there is an external audit and they ask us for any historical data like how long we have been compliant to the PCI framework, that would be valuable. Having reporting that shows historical data that we have been compliant from the date of inception, for example, from 2023 to 2025 onwards, would bring value to what we are reporting.
