I have a related question. What is the review process for submitted plugins? For instance what kind of verification process is there that validates that a plugin that has been associated with a CVE number is actually been correctly assigned to that CVE number? I think I have seen some discrepancies between vendors. For instance, two different scanners that are checking the same exact vulnerability have assigned it to different CVEs.
~Kevin Davis� What could possibly go wrong? ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 20, 2002 12:22 PM Subject: Internet Scanner vs Nessus based on CVE hits > ISS is claiming to have attack signatures that cover 95% of the high risk > CVE's while they also claim that nessus only cover less than 10% of the > high risk CVE's. I have been very happy with Nessus' flexibility and would > like some information on this claim. Has anyone on this list heard this > before? Are these results accurate, skewed, etc? I would like an opinion > from the Nessus user community. > - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
