Hi Ravi,
One of the criteria can be market share of softwares. If there is a vulnerability in some software which does not have a decent market share, none of your customres are using it, why do you want to waste time, money and resources in developing signature. Regards Abhishek ---------------------------- >Hi, >There are over 30000 CVE vulnerability reports. >Many IDS/IPS devices >have around 4000-5000 signature rules. My guess >is that these >signatures may cover (detect)around 4000-7000 >attacks. 23000 to 26000 >CVEs, that is, significant number of CVEs are >not covered by IDS/IPS >devices. >I am guessing that there is reason for this. >IDS/IPS vendors may be >selecting few CVEs for developing signatures. >What is the selection >criteria followed in industry? One criteria, I >know is that Network >IDS/IPS devices don't need to worry about >attacks that can only be >mounted on the local machine, that is, NIDS/NIPS >devices only need to >worry about detection of attacks mounted >remotely. Are there any other >considerations? >Thanks >Ravi ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
