> From: JM <[EMAIL PROTECTED]>
> As the subject says, this is what I have got to do.
>
> I could dream up loads of examples of;
> if we don't detect a code read virus and we get it, then it
> will knock out our webservers and others until we fix it.
> if we have open null shares on the network, and unrestricted
> access to remote registries people can do what they
> want.......
>
> But does anyone have any thoughts to share, on how I can
> successfully convince my management that the spend on a
> vulnerability scanner is worthwhile.

Vulnerability scanners don't have an inherent ROI of their own.
Once you've got commitment to FIX holes before they are exploited, then you can easily justify a tool or two to FIND the holes that need fixing. But finding the holes is no help if nothing will be done about them.

David Gillett
