Security Basics mailing list archives

RE: Justifying the spend on a vulnerability scanner


From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 11 Mar 2003 11:56:36 -0800

From: JM <jamesmcgeeiom () onetel net uk>
As the subject says, this is what I have got to do.

I could dream up loads of examples of:
if we don't detect a Code Red virus and we get it, then it
will knock out our webservers and others until we fix it;
if we have open null shares on the network, and unrestricted
access to remote registries, people can do what they
want...

But does anyone have any thoughts to share on how I can
successfully convince my management that the spend on a
vulnerability scanner is worthwhile?
 
  Vulnerability scanners don't have an inherent ROI of their
own.

  Once you've got commitment to FIX holes before they are
exploited, then you can easily justify a tool or two to FIND
the holes that need fixing.  But finding the holes is no help
if nothing will be done about them.

David Gillett


