Are we saying that everything collected is either an exposure or a vulnerability? I can see the separation, but I'm not sure that this is not too limiting. What about general gathered information like traceroute data, is that really an exposure?
Dion > -----Original Message----- > From: Randy Bias [mailto:[EMAIL PROTECTED]] > Sent: Friday, March 08, 2002 4:00 PM > To: Randy Bias; 'Dmitriy Kropivnitskiy'; '[EMAIL PROTECTED]' > Subject: RE: Suggested XML output changes (was: Re: XML output.) > > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > I was reading the CVE (cve.mitre.org) website and they > seem very big > on distinguishing between an "Exposure" and a "Vulnerability." Do > others agree with this? Is this reflected in the way that Nessus and > the NASL scripts are currently architected? Should the output for > XML reflect that? Should <information> be left along and <exposure> > and <vulnerabilty> wrapped inside of that tag?? > > > > > - --Randy > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> > > iQA/AwUBPIkmuiGJH83OL4I4EQJ3+ACg8G3kjH8hmnsK6QbIcVTKsyF8FNsAoLQu > daOHuXIkSDvJkzOq3BKG6jMY > =YSce > -----END PGP SIGNATURE----- >
