NumCritical 10 > number of relevant fixlets whose (value of header "x-fixlet-source-severity" of it as lowercase = "critical") of sites Total number of critical patches must be less than 10 Compliant if True MaxPatchAge if (exists relevant fixlet whose ((value of header "X-Fixlet-Source-Severity" of it as lowercase = "critical") AND (value of header "X-Fixlet-Source-Release-Date" of it does not contain "Unspecified")) of sites "bessecurity") then ((30 > ((it - 1) of maximum of ((preceding texts of firsts " day" of ((now + 1*day - it) as string) as integer) of ((((it as string & " 00:00:00 -0700") of ((value of header "X-Fixlet-Source-Release-Date" of it) of relevant fixlets whose ((value of header "x-fixlet-source-severity" of it as lowercase = "critical") AND (value of header "X-Fixlet-Source-Release-Date" of it does not contain "Unspecified")) of sites)) as time))))) as string) else "True" Elapsed time since the oldest unapplied critical patch is less than 30 day(s) Compliant if True