Penetration Testing mailing list archives

RE: Vulnerability - Tracking and Remediation

From: "Kevin Reiter" <KReiter () insidefsi net>
Date: Wed, 18 Apr 2007 09:52:51 -0400

Glad to help.

There's a lot of documentation available that tells you how to customize the majority of the app (custom fields, etc.), 
but there's so much of it I haven't even attempted it yet ;)

-----Original Message-----
From: xelerated [mailto:xelerated () gmail com]
Sent: Wednesday, April 18, 2007 7:46 AM
To: Kevin Reiter; pen-test () securityfocus com
Subject: Re: Vulnerability - Tracking and Remediation

Thanks for the mantis ref, that looks like it just might fit the bill.

Thanks!

On 4/17/07, Kevin Reiter < KReiter () insidefsi net> wrote:
I've been using Mantis (which is actually a software bug-tracking system) to track all the security issues, and it's 
been working out very well.  URL is http://www.mantisbugtracker.com/

On 4/13/07, xelerated <xelerated () gmail com> wrote:

I have a question for the pen test community. 

Does anyone have a free (OSS or other) way to take your vuln scan data
(nessus in this case)
and do tracking and remediation?

As it sits now, I scan at work atleast 300 machines a month, and my 
monthly list is growing, and will soon include subnets as well.

I used to take the pipe delimited format and run it through excel and
work with it from there.
and that worked fine back when I was only scanning 200 a month max but 
its become extremely cumbersome.

Also, if there is no such good tool out there, im no coder, but if
others out there would like to work on such a project id like to do
that too.

Thanks!



Kevin Reiter
Senior Security Engineer
Financial Services, Inc.
21 Harristown Road
Glen Rock, New Jersey 07452
(201)652-6000, ext. 588
PGP ID: 0xEE665233

This message may contain confidential or proprietary information and is intended solely for the individual(s) to whom 
it is addressed.  If you are not a named addressee you should not disseminate, distribute or copy this e-mail or act 
upon the information contained herein.  Please notify the sender immediately by e-mail if you have received this e-mail 
by mistake and delete this e-mail from your system. 


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program! 

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

Current thread:

Vulnerability - Tracking and Remediation xelerated (Apr 13)
- Re: Vulnerability - Tracking and Remediation Francois Yang (Apr 16)
  - RE: Vulnerability - Tracking and Remediation Kevin Reiter (Apr 17)
- <Possible follow-ups>
- RE: Vulnerability - Tracking and Remediation Kevin Reiter (Apr 18)