Network anomaly detection
US-2017099311-A1 · Apr 6, 2017 · US
US11418529B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11418529-B2 |
| Application number | US-201916293690-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 6, 2019 |
| Priority date | Dec 20, 2018 |
| Publication date | Aug 16, 2022 |
| Grant date | Aug 16, 2022 |
Official abstract text for this publication.
A method, apparatus, and computer program are disclosed. The method may be performed by one or more processors and may comprise receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts. The method may also comprise receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network. Using a combination of the first data and the second data, output data may be generated representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts, determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide for output on a user interface.
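The combination described in the abstract, together with the inference onto non-scanned hosts and the least-patch selection recited in the claims on this page, can be sketched as follows. This is an added example, not code from the patent or its applicant; all host, software, vulnerability and patch names are constructed, and treating "scanned" as "appears in the findings" and using an exhaustive search for the smallest patch set are assumptions of the sketch.

```python
from itertools import combinations

# Constructed sample data (hypothetical names throughout).
INVENTORY = {  # first data: host -> software resources it provides
    "db01": {"postgres-11", "openssl-1.0"}, "web01": {"nginx-1.14", "openssl-1.0"},
    "web02": {"nginx-1.14"}, "hr-ws": {"office-2016"},
}
DOWNSTREAM = {"db01": 3, "web01": 2, "web02": 1, "hr-ws": 0}  # hosts taking data from each
FINDINGS = [  # second data: (scanned host, software resource, vulnerability)
    ("web01", "openssl-1.0", "VULN-A"), ("web01", "nginx-1.14", "VULN-B"),
    ("hr-ws", "office-2016", "VULN-C"),
]
PATCHES = {  # patch -> vulnerabilities it remedies
    "patch-openssl": {"VULN-A"}, "patch-nginx": {"VULN-B"},
    "patch-web-bundle": {"VULN-A", "VULN-B"}, "patch-office": {"VULN-C"},
}

def risk_profile(inventory, findings):
    """Join inventory with findings; return (host -> vulns, hosts at risk by inference)."""
    vulns_by_software = {}
    for _host, software, vuln in findings:
        vulns_by_software.setdefault(software, set()).add(vuln)
    scanned = {host for host, _sw, _v in findings}  # assumption: scanned == has findings
    profile = {}
    for host, software in inventory.items():
        vulns = set().union(*(vulns_by_software.get(s, set()) for s in software))
        if vulns:
            profile[host] = vulns
    return profile, {h for h in profile if h not in scanned}

def rank_hosts(profile, downstream):
    """Most critical first: more downstream hosts means higher priority."""
    return sorted(profile, key=lambda h: (-downstream.get(h, 0), h))

def least_patches(profile, ranked, n, patches):
    """Smallest patch set remedying every vulnerability on the N most-critical hosts."""
    needed = set().union(*(profile[h] for h in ranked[:n]))
    names = sorted(patches)
    for size in range(len(names) + 1):  # exhaustive search, smallest sets first
        for combo in combinations(names, size):
            if needed <= set().union(*(patches[p] for p in combo)):
                return list(combo)
    return None  # at least one vulnerability has no patch available

if __name__ == "__main__":
    profile, inferred = risk_profile(INVENTORY, FINDINGS)
    ranked = rank_hosts(profile, DOWNSTREAM)
    print(ranked, sorted(inferred), least_patches(profile, ranked, 2, PATCHES))
```

The exhaustive search is exact but exponential in the number of patches; a real inventory would need a greedy or solver-based set-cover approximation.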
Opening claim text (preview).
The invention claimed is:

1. A method, performed by one or more processors, the method comprising: receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts; receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network; generating, using a combination of the first data and the second data, output data representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts, determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide for output on a user interface; and determining a patch deployment strategy based on one or more prioritization rules, performance of which is dependent on the infrastructure of the computer network, the one or more prioritization rules determining an order of one or more patches to deploy to remedy the detected vulnerabilities, the order indicating first deploying patches to remedy a number N of most-critical hosts or software resources that require patching, wherein the deployment strategy determines a least number of patches to deploy to remedy all of the N most-critical hosts or software resources.

2. The method of claim 1, further comprising determining a number of downstream hosts that take data from the one or more subsets of hosts and indicating said number of downstream hosts in the output data.

3. The method of claim 1, further comprising: determining the one or more patches for remedying the detected vulnerabilities; and presenting the output data on the user interface with an indication of the determined one or more patches on the user interface, the one or more patches being deployable through the user interface.

4. The method of claim 3, wherein each of the one or more subsets of hosts or vulnerabilities represented by the output data are arranged on the user interface based on one or more prioritization rules, performance of which is dependent on the infrastructure of the computer network.

5. The method of claim 4, wherein the prioritization rules determine the arrangement based on how critical one of the subset of hosts is to the infrastructure of the computer network.

6. The method of claim 5, wherein the first data comprises an indication of a type or role for each host, and wherein how critical one of the subset of hosts is to the computer network is determined based on their respective type or role.

7. The method of claim 5, wherein how critical one of the subset of hosts is to the computer network is determined based on the number of hosts that take data from at-risk hosts, those with a greater number of downstream hosts being arranged so as to indicate a higher priority.

8. The method of claim 5, further comprising receiving third data indicative of users or groups of users associated with particular hosts, and wherein the output data further comprises a list of one or more users associated with the subsets of hosts and wherein how critical one of the subset of hosts is to the computer network is based on the role of the users, or groups of users, associated with said subset of hosts.

9. The method of claim 5, further comprising receiving third data indicative of users or groups of users associated with particular hosts, and wherein the output data further comprises a list of one or more users associated with the one or more subsets of hosts and wherein how critical one of the subset of hosts is to the computer network is based on a number of users associated with said subset of hosts.

10. The method of claim 1, further comprising deploying patches using the determined patch deployment strategy.

11. The method of claim 1, further comprising automatically generating an electronic report representing the patch deployment strategy for electronic transmission to a remote organization with an indication of the determined patch deployment strategy.

12. The method of claim 11, wherein the electronic report comprises one or more embedded links for user-selection to deploy the one or more patches.

13. The method of claim 1, further comprising automatically requesting deployment of the one or more patches according to the patch deployment strategy.

14. The method of claim 1, further comprising using the first data and the second data to automatically infer one or more vulnerabilities on one or more hosts of the computer network infrastructure which, in a previous scanning iteration, were not scanned by the vulnerability scanning software, the inferring comprising identifying from the first data and the second data a detected vulnerability in a particular software resource and using the first data to identify non-scanned hosts providing the particular software resource, said inferred one or more hosts being indicated in the output data.

15. The method of claim 1, wherein the determined least number of patches may be compressed into a single file for subsequent deployment.

16. The method of claim 1, further comprising automatically generating an electronic report representing the patch deployment strategy for electronic transmission to a remote organization with an indication of the determined patch deployment strategy, wherein the electronic report may comprise one or more embedded links for user-selection to deploy the patches.

17. A computer program, optionally stored on a non-transitory computer readable medium program which, when executed by one or more processors of a data processing apparatus, causes the data processing apparatus to perform: receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts; receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network; generating, using a combination of the first data and the second data, output data representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts, determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide for output on a user interface; and determining a patch deployment strategy based on one or more prioritization rules, performance of which is dependent on the infrastructure of the computer network, the one or more prioritization rules determining an order of one or more patches to deploy to remedy the detected vulnerabilities, the order indicating first deploying patches to remedy a number N of most-critical hosts or software resources that require patching, wherein the deployment strategy determines a least number of patches to deploy to remedy all of the N most-critical hosts or software resources.

18. An apparatus comprising: one or more processors; and a memory storing instructions, the instructions, when executed by the one or more processors, causing the apparatus to perform: receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts wh
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Vulnerability analysis · CPC title
Updates (security arrangements therefor G06F21/57) · CPC title
Indicating network or usage conditions on the user display · CPC title
Electricity · mapped topic