As an Information Security Officer I'd like to see known CVEs from public sources, which refer to the vendors and software listed within Secfix for our tenant. This would support the vulnerability check/non-conformities for the continuous tracking.

The premium version would mark computers with identified vulnerabilitites, although this is quite operational and goes far beyond a certification tool.