Penetration Testing mailing list archives
Re: computer/vulnerability database
From: "Matthew Zimmerman" <mzimmerman () gmail com>
Date: Fri, 9 Jan 2009 13:45:54 -0500
Jerry, I'm not sure if this is what you're looking for (as I didn't really grasp your question) but OpenFISMA may apply. It's targeted at a US Govt Federal audience but it's concepts may be very applicable for you regardless. OpenFISMA is what an organization would use to keep track of their vulnerabilities and how they're addressing the issues AFTER they have already been identified. http://www.openfisma.org/ Matt Z On Fri, Jan 9, 2009 at 8:01 AM, Shenk, Jerry A <jshenk () decommunications com> wrote:
Does anybody have any thoughts about a database for an audit to contain current vulnerability issues and subsequent updates? I imagine that it should have at least two tables - one table for computers and another table for vulnerabilities. Obviously, each computer can have multiple vulnerabilities and it would be nice to be able to generate a report for each vulnerability. I also think it would be good to have the ability to note when vulnerabilities are resolved as an additional note. **DISCLAIMER This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of D&E except to the extent that it relates to their official business.
Current thread:
- FireCAT 1.5 released SD List (Jan 09)
- computer/vulnerability database Shenk, Jerry A (Jan 09)
- Re: computer/vulnerability database Matthew Zimmerman (Jan 11)
- Re: computer/vulnerability database John Kinsella (Jan 11)
- RE: computer/vulnerability database Shenk, Jerry A (Jan 11)
- Re: computer/vulnerability database etd (Jan 11)
- Re: computer/vulnerability database James Bensley (Jan 11)
- RE: computer/vulnerability database Shenk, Jerry A (Jan 11)
- computer/vulnerability database Shenk, Jerry A (Jan 09)