Few years back, I was asked to build an asset management solution which should include all computers, servers, laptops, software, mobile devices etc. It was to meet a regulatory compliance requirement. I was very happy to take up that project, because for me compliance requirement was secondary. If we have a list of assets, then the solution would help me with the analysis of threats and vulnerabilities associated with each of those. I can configure the solution to give notifications and also it will advise me when vulnerability related to the Operating system or software is released. It seems to be simple, but was very challenging.