On Wed, 2012-03-21 at 14:48 +0100, Reindl Harald wrote:
> > Nessus, despite I do like it, and as it is a respected industry standard,
> > has its fair share of false positives,
> > for simple example, look at FTP, running a public FTP server you get a
> > severity "medium" warning, I mean like..
> > WTF... if anything, it should be an "info", which brings me to their LOW
> > ratings, they need to introduce an INFO
> > level, because 95% of "low" are not issues at all.
>
> this is a different story
> openVAS has an info-level and i guess Nessus too because openVAS is a fork
>
> that services are treated as medium is fine because if
> nessus finds a service and you do not know that it is
> running -> problem, it is the job of the auditor to flag
> the port as "info, OK"

I don't consider it fine, as it does not report the same for other services running; we run an IRC server, and even it gets scored a low :)

BTW, I stand corrected, just asked Ron and he told me nessus has INFO levels as of nessus 5.
