Security Basics mailing list archives
RE: Justifying the spend on a vulnerability scanner
From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 11 Mar 2003 11:56:36 -0800
From: JM <jamesmcgeeiom () onetel net uk> As the subject says, this is what I have got to do. I could dream up loads of examples of; if we don't detect a code read virus and we get it, then it will knock out our webservers and others until we fix it. if we have open null shares on the network, and unrestricted access to remote registries people can do what they want....... But does anyone have any thoughts to share, on how I can successfully convince my management that the spend on a vulnerability scanner is worthwhile.
Vulnerability scanners don't have an inherent ROI of their own. Once you've got commitment to FIX holes before they are exploited, then you can easily justify a tool or two to FIND the holes that need fixing. But finding the holes is no help if nothing will be done about them. David Gillett
Current thread:
- Justifying the spend on a vulnerability scanner JM (Mar 10)
- Re: Justifying the spend on a vulnerability scanner Vlad Tsyrklevich (Mar 11)
- Re: Justifying the spend on a vulnerability scanner Gene Yoo (Mar 11)
- Re: Justifying the spend on a vulnerability scanner Kenzo (Mar 11)
- Re: Justifying the spend on a vulnerability scanner Pierre A. Cadieux (Mar 12)
- <Possible follow-ups>
- RE: Justifying the spend on a vulnerability scanner JM (Mar 11)
- Re: Justifying the spend on a vulnerability scanner Gerhard Rickert (Mar 12)
- RE: Justifying the spend on a vulnerability scanner mhunt (Mar 21)
- Re: Justifying the spend on a vulnerability scanner Gerhard Rickert (Mar 12)
- Re: Justifying the spend on a vulnerability scanner Chris Berry (Mar 11)
- RE: Justifying the spend on a vulnerability scanner David Gillett (Mar 12)
- Re: Justifying the spend on a vulnerability scanner Gerhard Rickert (Mar 13)
- Re: Justifying the spend on a vulnerability scanner Gerhard Rickert (Mar 13)
- RE: Justifying the spend on a vulnerability scanner David Gillett (Mar 12)
- Re: Justifying the spend on a vulnerability scanner David Vertie (Mar 13)
- RE: Justifying the spend on a vulnerability scanner Buyer Jr, David (Mar 24)