Security Basics mailing list archives
RE: Vulnerability Scanning Doesn't Work
From: "Abe Getchell" <me () abegetchell com>
Date: Thu, 8 Jan 2009 09:49:34 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hey Adriel, The title and opening paragraph of your blog post are quite misleading and rather reckless. There is definitely a false sense of security that is sold to some organizations by the developers of vulnerability scanning tools, but that is the fault of the purchasing organization (due to a lack of education and unqualified individuals making decisions), not those companies pushing their product. It's a consumer problem, not a technology or process problem, which you seem to describe it as in the bulk of your blog post. Vulnerability scanning tools can have a wonderfully awesome impact on your security posture if they're used in a manner in which they function adequately; as a compliance tool. While I understand the sales aspect of your blog post, what your customers (and any other organization investigating this type of technology) should understand is that they should not be "using a team of talented hackers for security testing instead of relying on automated vulnerability scanners", but rather "using a team of talented hackers AND vulnerability scanners for security testing and compliance". See ya, Abe - -- Abe Getchell me () abegetchell com https://abegetchell.com/
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Adriel T. Desautels Sent: Wednesday, January 07, 2009 8:07 PM To: Security Basics Cc: pen-test list Subject: Vulnerability Scanning Doesn't Work For those that care, I've modified my last blog entry based on some comments provided by minoo. Specifically, it appears that I didn't communicate my thoughts too clearly and the last entry left room for misunderstanding. As such, the new revised entry is up at http://snosoft.blogspot.com/2009/01/vulnerability-scanning-doesnt- work.html . If this still seems out of balance please let me know. Adriel T. Desautels ad_lists () netragard com -------------------------------------- Subscribe to our blog http://snosoft.blogspot.com
-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: us-ascii wsBVAwUBSWYSlBgR0SeaGdcAAQiMPwgAhDaQrHKacqijxmeO24wkvOJxP7eqe3oe rPD7hfzPKfA9a/lXAw2288PkoVJJ9N2EQRVkgcXsNGwm1ohjNcfvt1VyCF0GScC+ 9bg4K5JZJGX8P88CcrMHc1BJreoO4aswX/4g5oTSblRMQ3EPLx07vefV+4Lbnw3A ko8sqrRCK4Ge+Yj2EBjwu0zFcjSYWfvdTst4mHCKvGawvfm0OiLPOzr3/a+QfZSA 8YLrZ1FvPsdyONURUx+O85Eu/tTmYB3vtOj1KAw+yt0YIzAoFQQyXDt3FHJsRrWY 1I7JbA9qzZAWZuy3UdaI3Qts37go5vgyi2MuAm0NB4oZdFZXky+DlQ== =bv6Q -----END PGP SIGNATURE-----
Current thread:
- RE: Vulnerability Scanning Doesn't Work Abe Getchell (Jan 08)
- Re: Vulnerability Scanning Doesn't Work ArcSighter Elite (Jan 08)
- Message not available
- Revising it [Vulnerability Scanning Doesn't Work] Adriel T. Desautels (Jan 08)
- RE: Revising it [Vulnerability Scanning Doesn't Work] Siedelberg, Mike (Jan 12)
- Re: Revising it [Vulnerability Scanning Doesn't Work] Adriel T. Desautels (Jan 12)
- Revising it [Vulnerability Scanning Doesn't Work] Adriel T. Desautels (Jan 08)
- Message not available
- Re: Vulnerability Scanning Doesn't Work NeZa (Jan 09)
- Re: Vulnerability Scanning Doesn't Work Adriel T. Desautels (Jan 09)
- Re: Vulnerability Scanning Doesn't Work Adriel T. Desautels (Jan 12)
- Message not available
- Re: Vulnerability Scanning Doesn't Work Adriel T. Desautels (Jan 13)
- Re: Vulnerability Scanning Doesn't Work NeZa (Jan 14)
- Re: Vulnerability Scanning Doesn't Work Rob Thompson (Jan 14)
- Re: Vulnerability Scanning Doesn't Work NeZa (Jan 09)