Re: Vulnerability Tracking & Management

[Zate <zate75 () gmail com>]

Largest problem is no standard reporting format between those tools.  Next
version of Seccubus is aiming to implement IVIL which is a xml format that
seeks to be a common format that security tools can output to.

The idea is that you write a wrapper for the tool who's data you want to
consume, and Seccubus would understand how to use the "findings" if
presented in that format.

Zate


On Thu, Feb 10, 2011 at 2:43 PM, Kevin Shaw <kevin.lee.shaw () gmail com>wrote:

> Everyone I've encountered uses some sort of home grown database or app for
> this purpose or integrates it into their help ticket system. SecureInfo used
> to have a product to manage compliance and track POAM items but I never
> heard anyone say anything positive about it.
> On Feb 10, 2011 2:07 PM, "Josh Little" <josh () zombietango com> wrote:
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com