RE: Vulnerability Scanning Doesn't Work



Hey Adriel,

The title and opening paragraph of your blog post are quite misleading and
rather reckless. There is definitely a false sense of security that is sold
to some organizations by the developers of vulnerability scanning tools, but
that is the fault of the purchasing organization (due to a lack of education
and unqualified individuals making decisions), not those companies pushing
their product. It's a consumer problem, not a technology or process problem,
which you seem to describe it as in the bulk of your blog post.
Vulnerability scanning tools can have a wonderfully awesome impact on your
security posture if they're used in a manner in which they function
adequately: as a compliance tool. While I understand the sales aspect of
your blog post, what your customers (and any other organization
investigating this type of technology) should understand is that they should
not be "using a team of talented hackers for security testing instead of
relying on automated vulnerability scanners", but rather "using a team of
talented hackers AND vulnerability scanners for security testing and
compliance".

See ya,
Abe

- --
Abe Getchell
me@xxxxxxxxxxxxxxx
https://abegetchell.com/

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Adriel T. Desautels
Sent: Wednesday, January 07, 2009 8:07 PM
To: Security Basics
Cc: pen-test list
Subject: Vulnerability Scanning Doesn't Work

For those that care, I've modified my last blog entry based on some
comments provided by minoo. Specifically, it appears that I didn't
communicate my thoughts too clearly and the last entry left room for
misunderstanding. As such, the new revised entry is up at
http://snosoft.blogspot.com/2009/01/vulnerability-scanning-doesnt-work.html.
If this still seems out of balance please let me know.


Adriel T. Desautels
ad_lists@xxxxxxxxxxxxx
--------------------------------------

Subscribe to our blog
http://snosoft.blogspot.com




