Re: Justifying the spend on a vulnerability scanner
From: Gerhard Rickert (email@example.com)
From: "Gerhard Rickert" <firstname.lastname@example.org> To: <email@example.com> Date: Thu, 13 Mar 2003 10:16:34 +0900
sorry for the multi post....
here is the English site.
What is the link to Observer?
> -----Original Message-----
> From: Gerhard Rickert [mailto:firstname.lastname@example.org]
> Sent: Tuesday, March 11, 2003 6:15 PM
> To: email@example.com
> Subject: Re: Justifying the spend on a vulnerability scanner
> Just a thought in this area...what do you think of Observer.
> Is it an overpriced tool? Would it work for what Mr. Berry wants?
----- Original Message -----
From: "David Gillett" <firstname.lastname@example.org>
Sent: Wednesday, March 12, 2003 4:56 AM
Subject: RE: Justifying the spend on a vulnerability scanner
> > From: JM <email@example.com>
> > As the subject says, this is what I have got to do.
> > I could dream up loads of examples of;
> > if we don't detect a code read virus and we get it, then it
> > will knock out our webservers and others until we fix it.
> > if we have open null shares on the network, and unrestricted
> > access to remote registries people can do what they
> > want.......
> > But does anyone have any thoughts to share, on how I can
> > successfully convince my management that the spend on a
> > vulnerability scanner is worthwhile.
> Vulnerability scanners don't have an inherent ROI of their
> Once you've got commitment to FIX holes before they are
> exploited, then you can easily justify a tool or two to FIND
> the holes that need fixing. But finding the holes is no help
> if nothing will be done about them.
> David Gillett