Credentialed scanning. I have been having a discussion with some fellas about MS10-002 and MS09-072 and some vuln reports to be specific.
__________________________________
Albert R. Campa

On Wed, Feb 17, 2010 at 3:42 PM, Paul Asadoorian <[email protected]> wrote:
> Hey Albert,
>
> Are you doing credentialed scanning or network-based scanning?
>
> On 2/17/10 2:17 PM, Albert R. Campa wrote:
>> What do you guys think of scanning and reporting of cumulative
>> vulnerabilities?
>>
>> For example, if you have vulnerability A that supersedes vulnerability
>> B, Nessus will report both A and B as vulnerable, but for patching
>> only Vulnerability A needs to be patched. So why report vulnerability
>> B? Should the scanner ignore superseded vulnerabilities? Is the only
>> plus to reporting both A and B to have a history of old
>> vulnerabilities not patched?
>>
>> What about metrics? A and B might be vulnerable but only patch A needs
>> to be installed.
>>
>> If an admin gets a vuln report with both A and B, can they easily
>> figure out oh, this is cumulative, so I only need to install A, or are
>> they going to try to install both?
>>
>> Want to get more opinions on this.
>>
>> __________________________________
>> Albert R. Campa
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>
> --
> Paul Asadoorian
> PaulDotCom Enterprises
> Web: http://pauldotcom.com
> Phone: 401.829.9552
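One way to handle the reporting question raised in this thread, as an added example that is not part of the original messages and not Nessus code: group superseded findings under the patch that replaces them, so the older findings stay visible as history while the patch count reflects what actually has to be installed. The bulletin names, hosts and supersedence map are constructed placeholders.

```python
# Constructed supersedence data: key is replaced by value (A replaces B, B replaces C).
SUPERSEDED_BY = {"B": "A", "C": "B"}

# Constructed scanner findings as (host, bulletin) pairs.
FINDINGS = [
    ("host1", "A"), ("host1", "B"), ("host1", "C"),
    ("host2", "B"),   # A was not reported on this host, so B stays actionable
    ("host3", "D"),   # bulletin with no supersedence relationship
]

def top_reported(bulletin, reported):
    """Walk the supersedence chain and return the newest bulletin in it
    that was also reported on the same host."""
    best, cur, seen = bulletin, bulletin, {bulletin}
    while cur in SUPERSEDED_BY:
        cur = SUPERSEDED_BY[cur]
        if cur in seen:          # guard against a cyclic mapping
            break
        seen.add(cur)
        if cur in reported:
            best = cur
    return best

def collapse(findings):
    """Per host: {patch to install: [older findings it covers]}."""
    by_host = {}
    for host, bulletin in findings:
        by_host.setdefault(host, set()).add(bulletin)
    report = {}
    for host, reported in by_host.items():
        actions = {}
        for b in sorted(reported):
            top = top_reported(b, reported)
            covered = actions.setdefault(top, [])
            if top != b:
                covered.append(b)   # kept as history, not as a separate action
        report[host] = actions
    return report

def metrics(findings):
    """Return (raw finding count, number of patches to install)."""
    report = collapse(findings)
    return len(set(findings)), sum(len(a) for a in report.values())

if __name__ == "__main__":
    for host, actions in sorted(collapse(FINDINGS).items()):
        for patch, covered in actions.items():
            print(host, "install", patch, "covers", covered or "-")
    print("findings=%d patches=%d" % metrics(FINDINGS))
```

A finding is only folded into a newer bulletin when that newer bulletin was reported on the same host; otherwise it remains its own action item.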
