Security Basics mailing list archives

RE: Vulnerability Scanning Doesn't Work

From: "Abe Getchell" <me () abegetchell com>
Date: Thu, 8 Jan 2009 09:49:34 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hey Adriel,

The title and opening paragraph of your blog post are quite misleading and
rather reckless. There is definitely a false sense of security that is sold
to some organizations by the developers of vulnerability scanning tools, but
that is the fault of the purchasing organization (due to a lack of education
and unqualified individuals making decisions), not those companies pushing
their product. It's a consumer problem, not a technology or process problem,
which you seem to describe it as in the bulk of your blog post.
Vulnerability scanning tools can have a wonderfully awesome impact on your
security posture if they're used in a manner in which they function
adequately; as a compliance tool. While I understand the sales aspect of
your blog post, what your customers (and any other organization
investigating this type of technology) should understand is that they should
not be "using a team of talented hackers for security testing instead of
relying on automated vulnerability scanners", but rather "using a team of
talented hackers AND vulnerability scanners for security testing and
compliance".

See ya,
Abe

- --
Abe Getchell
me () abegetchell com
https://abegetchell.com/

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Adriel T. Desautels
Sent: Wednesday, January 07, 2009 8:07 PM
To: Security Basics
Cc: pen-test list
Subject: Vulnerability Scanning Doesn't Work

For those that care, I've modified my last blog entry based on some
comments provided by minoo. Specifically, it appears that I didn't
communicate my thoughts too clearly and the last entry left room for
misunderstanding. As such, the new revised entry is up at
http://snosoft.blogspot.com/2009/01/vulnerability-scanning-doesnt-
work.html
. If this still seems out of balance please let me know.

      Adriel T. Desautels
      ad_lists () netragard com
         --------------------------------------

      Subscribe to our blog
         http://snosoft.blogspot.com




-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: us-ascii

wsBVAwUBSWYSlBgR0SeaGdcAAQiMPwgAhDaQrHKacqijxmeO24wkvOJxP7eqe3oe
rPD7hfzPKfA9a/lXAw2288PkoVJJ9N2EQRVkgcXsNGwm1ohjNcfvt1VyCF0GScC+
9bg4K5JZJGX8P88CcrMHc1BJreoO4aswX/4g5oTSblRMQ3EPLx07vefV+4Lbnw3A
ko8sqrRCK4Ge+Yj2EBjwu0zFcjSYWfvdTst4mHCKvGawvfm0OiLPOzr3/a+QfZSA
8YLrZ1FvPsdyONURUx+O85Eu/tTmYB3vtOj1KAw+yt0YIzAoFQQyXDt3FHJsRrWY
1I7JbA9qzZAWZuy3UdaI3Qts37go5vgyi2MuAm0NB4oZdFZXky+DlQ==
=bv6Q
-----END PGP SIGNATURE-----

Current thread:

RE: Vulnerability Scanning Doesn't Work Abe Getchell (Jan 08)
- Re: Vulnerability Scanning Doesn't Work ArcSighter Elite (Jan 08)
- Message not available
  - Revising it [Vulnerability Scanning Doesn't Work] Adriel T. Desautels (Jan 08)
    - RE: Revising it [Vulnerability Scanning Doesn't Work] Siedelberg, Mike (Jan 12)
    - Re: Revising it [Vulnerability Scanning Doesn't Work] Adriel T. Desautels (Jan 12)
- Message not available
  - Re: Vulnerability Scanning Doesn't Work NeZa (Jan 09)
    - Re: Vulnerability Scanning Doesn't Work Adriel T. Desautels (Jan 09)
    - Re: Vulnerability Scanning Doesn't Work Adriel T. Desautels (Jan 12)
    - Message not available
    - Re: Vulnerability Scanning Doesn't Work Adriel T. Desautels (Jan 13)
    - Re: Vulnerability Scanning Doesn't Work NeZa (Jan 14)
    - Re: Vulnerability Scanning Doesn't Work Rob Thompson (Jan 14)

(Thread continues...)