RE: [ISSForum] Vuln Catalog Vs. Xforce Pages Vs. Policy Editor.

Tue, 22 Oct 2002 10:17:59 -0700 

I find Mark�s observations very sensible; I also noticed.

-----Mensaje original-----
De: Evans, Mark [mailto:EvansM@;ritchie.disa.mil]
Enviado el: martes 22 de octubre de 2002 15:43
Para: '[EMAIL PROTECTED]'
Asunto: [ISSForum] Vuln Catalog Vs. Xforce Pages Vs. Policy Editor.


Anyone notice how the three areas of information that ISS uses to support
their vulnerabilities are not in sync? Here's the issue: On ther Xforce
listing of Vulnerabilities, you have information like Consequences: Gain
Access. This is very good because it helps one determine the amount of
effort one puts toward fixing the problem. But on the Vuln Catalog pages,
this entry is not present. But, on the other hand, on the Vuln Catalog
pages, you have great information like False Positive, False Negative, and
Required Permissions. This information is not availble on the Xforce pages.
And none of this info if available while in the policy editor and viewing
vulnerabilities. I would think it would be much easier and more efficient to
maintain one database with all this information. It would also be nice to
have the Catagory that the checks belong to(such as NT Critical Issues,
etc.)  listed on the pages as well, especially the the little bomb showing
it as a denial-of-service check.  I wonder if there are any plans to merge
these respective information bases?

_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]


**********************************************************************
COLT Telecom Espana S.A.
Oficina Registrada en: Telemaco, 5 28027 Madrid
Tel. +34 91 789 9000

This message is subject to and does not create or vary any contractual
relationship between COLT Telecommunications, its subsidiaries or 
affiliates ("COLT") and you. Internet communications are not secure
and therefore COLT does not accept legal responsibility for the
contents of this message.  Any view or opinions expressed are those of
the author. The message is intended for the addressee only and its
contents and any attached files are strictly confidential. If you have
received it in error, please telephone the number above. Thank you.

**********************************************************************

_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]

Reply via email to