RE: Vulnerability Scanning Doesn't Work
- From: "Abe Getchell" <me@xxxxxxxxxxxxxxx>
- Date: Thu, 8 Jan 2009 09:49:34 -0500
Hey Adriel,
The title and opening paragraph of your blog post are quite misleading and
rather reckless. There is definitely a false sense of security that is sold
to some organizations by the developers of vulnerability scanning tools, but
that is the fault of the purchasing organization (due to a lack of education
and unqualified individuals making decisions), not those companies pushing
their product. It's a consumer problem, not a technology or process problem,
which you seem to describe it as in the bulk of your blog post.
Vulnerability scanning tools can have a wonderfully awesome impact on your
security posture if they're used in a manner in which they function
adequately; as a compliance tool. While I understand the sales aspect of
your blog post, what your customers (and any other organization
investigating this type of technology) should understand is that they should
not be "using a team of talented hackers for security testing instead of
relying on automated vulnerability scanners", but rather "using a team of
talented hackers AND vulnerability scanners for security testing and
compliance".
See ya,
Abe
--
Abe Getchell
me@xxxxxxxxxxxxxxx
https://abegetchell.com/
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Adriel T. Desautels
Sent: Wednesday, January 07, 2009 8:07 PM
To: Security Basics
Cc: pen-test list
Subject: Vulnerability Scanning Doesn't Work
For those that care, I've modified my last blog entry based on some
comments provided by minoo. Specifically, it appears that I didn't
communicate my thoughts too clearly and the last entry left room for
misunderstanding. As such, the new revised entry is up at
http://snosoft.blogspot.com/2009/01/vulnerability-scanning-doesnt-work.html.
If this still seems out of balance please let me know.
Adriel T. Desautels
ad_lists@xxxxxxxxxxxxx
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com