Jim Wildman wrote: > On Wed, 30 Jun 2010, Frank Cox wrote: <snip> >> What is the point of doing a security scan under conditions that are not >> actually "live"? >> >> It sounds like moving the flammable materials out before a fire >> inspection, then moving them right back in when the inspector leaves. >> >> What is gained? You're no more secure than you were before the >> inspection, and and you're no longer running what you had running during >> the inspection. > For most (large) organizations, security scans have NOTHING to do with > increasing security, and everything with being able to answer "Yes" > to a question like "Do you regularly scan for known defects?", > probably for a VISA type compliance check. > > If you don't already know, you really don't want to know about data > security in the medical or banking communities. Heh. Heh. Heh. And don't forget the credit card community. Or the US gov't (and gov't medical community). mark _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos