Re: Recommendation for a Good Vulnerability Scanning Service?




John Hinton wrote:
> On 2/18/2011 3:09 PM, Dr. Ed Morbius wrote:
>>
>>> I haven't spoken with the hackerguardian people yet but it would be
>>> nice if I could just say "I'm using CentOS 5.5" and have them factor
>>> that into their report so that I can focus on any real issues. Are
>>> there vulnerability scanning services that are more or less
>>> sophisticated about this?
>> I'd suggest you educate yourself on the PCI compliance issue, and query
>> your prospective vendor(s) on what specific scans they run and/or how
>> these are tuned to specific operating environments.
>>
>> I'd tend to suspect that vuln/pen testing is going to be based more on
>> known vulnerabilities than your environment.
>
> Very good information, Ed. And yes, you will almost certainly be
> fighting with the compliance company, as I have not yet seen any who
> recognized CentOS. RHEL, yes. CentOS however does not hold the same
> 'trusted standard' or clout as the major 'name brand' providers. Yes,

If you do talk to Trustwave, and they're not too expensive, they *use*
CentOS.
>
> I really think much of this is no more than smoking mirrors. For

"smoke and mirrors"
<snip>
> up. The rest was just red tape and I started feeling one particular
> compliance company was more into self promotion of their service by
> showing these non-existent flaws. I suppose one could compare it to the

They're all that way.
<snip>

          mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

