On Tue, Feb 03, 2004 at 10:32:03AM -0600, DePriest, Jason R. wrote:
> > Well, nearly 2000 plugins isn't such a bad effort. It's quite 
> > comparable to products like ISS and Retina.
> 
> I am running ISS Internet Scanner 6.2.1 with the latest XPU (#45), dated
> January 29, 2004 and it only has 1,309 exploits.

Note that "number of checks" does not mean anything.

First, when different flaws affect the same version of the same 
product, some vendors will split the check in multiple plugins - 
one for each flaw.  That allows them to easily win the "number of
checks" race.

In the same vein, some other vendors have 50 plugins doing the same
thing - there is a VA scanner vendor out there who has over 50 plugins
for access point detection! This is akin to saying that nmap does
over 2,000 security checks because it can identify over 2,000 operating
systems - that's not really honest.

On the Nessus side, I strictly don't care about winning the "number of
checks" race. It simply does not make any sense. Same thing for the
CVE race - CVE is lagging behind in terms of vulnerabilities so I tend
to have better correlation with the Bugtraq IDs rather than CVE.
(that does not mean that CVE is not supported, it just means that the
NessusID<->CVE correlation is less up-to-date than with Bugtraq).



                                -- Renaud
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
