What is the basis of the claim? The most recent benchmarks I'd reviewed demonstrated exactly the opposites.
Regardless, all claims of vulnerability must be evaluated individually in order to demonstrate the relative risk (or lack thereof) of a supposed vulnerability. This regardless of software product used to determine vulnerability. Trusting solely in a software product and automated process to determine a precise level of vulnerability is (IMNSHO) an inappropriate approach to risk management. joel -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dion Stempfley Sent: Monday, July 22, 2002 10:48 AM To: 'Tim Sailer'; [EMAIL PROTECTED] Subject: RE: false positives And they think ISS will not! :) Sorry, no real help. Dion > -----Original Message----- > From: Tim Sailer [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 22, 2002 1:30 PM > To: [EMAIL PROTECTED] > Subject: false positives > > > Folks, > I'm getting serious pressure from Management to switch from Nessus > to ISS. One of the reasons being is that they claim that Nessus is > clouding any real issues with false positives. Does anyone else > have the same problem, and if so, how are you getting around it? > > Tim > > -- > Tim Sailer <[EMAIL PROTECTED]> > Brookhaven National Laboratory (631) 344-3001 > - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body. * To subscribe again, send a mail to [EMAIL PROTECTED] with "subscribe nessus" in the body
