In message <7c5f9d80-8686-07bb-b6ed-6e41fa1e1...@si6networks.com>, Fernando Gont <fg...@si6networks.com> wrote:
>Note: What's most usually done out there is scanning for ports, rather >than for vulnerabilities. Yes, and at least some of the responses in this thread have not, I think, noted this rather important distinction. For my part I intended to ask specifically about attitudes towards scanning for actual vulnerabilities, e.g. those that have been assigned CVE numbers. Depending on who is doing it, and why, my personal feeling is that even here in 2022 this should still be viewed as being exceptionally anti-social, and worthy of calling out publicly, but I must allow for the possibility that my personal views on this may be antiquated and out of step with current prevailing norms and attitudes. Regards, rfg
