Anyone notice how the three areas of information that ISS uses to support their vulnerabilities are not in sync? Here's the issue: On ther Xforce listing of Vulnerabilities, you have information like Consequences: Gain Access. This is very good because it helps one determine the amount of effort one puts toward fixing the problem. But on the Vuln Catalog pages, this entry is not present. But, on the other hand, on the Vuln Catalog pages, you have great information like False Positive, False Negative, and Required Permissions. This information is not availble on the Xforce pages. And none of this info if available while in the policy editor and viewing vulnerabilities. I would think it would be much easier and more efficient to maintain one database with all this information. It would also be nice to have the Catagory that the checks belong to(such as NT Critical Issues, etc.) listed on the pages as well, especially the the little bomb showing it as a denial-of-service check. I wonder if there are any plans to merge these respective information bases?
_______________________________________________ ISSForum mailing list [EMAIL PROTECTED]
