On Tue, Aug 20, 2002 at 11:22:49AM -0500, [EMAIL PROTECTED] wrote:
> ISS is claiming to have attack signatures that cover 95% of the high risk
> CVE's while they also claim that nessus only cover less than 10% of the
> high risk CVE's. I have been very happy with Nessus' flexibility and would
> like some information on this claim. Has anyone on this list heard this
> before? Are these results accurate, skewed, etc? I would like an opinion
> from the Nessus user community.
[...]
>
> Here are the results they provided me:
>
> 1999-0176 5 ICAT ISS SARA NESSUS QUALYS
> 1999-0177 5 ICAT ISS SARA NESSUS QUALYS
This is a list of result that comes from the Center for Internet
Security, and that they were not allowed to publish, as this paper was a
work in progress.
Nevertheless, the content of this paper were blantantly false regarding
Nessus. I don't know who did the matching, but that person clearly did
not do his job.
I sent a "fixed" version of this file to the CIS several weeks ago, but
I'm really disappointed to see ISS use that as a marketing trick.
-- Renaud
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
