On Wed, Mar 16, 2005 at 05:39:04PM +0100, Javier Fernandez-Sanguino wrote:
> If the database was public, vendors could add their own software to
> the list :-)
When users had the ability to comment on plugins (before we changed the
website), I had to filter out tons of bogus reports every day. Some of
them were legitimate misunderstandings while others were posted from IP
addresses belonging to our competitors attempting to make false
claims about the side effects of some plugins. (Of course, I'm not
mentioning the insults, the attempts to see if a cross-site-scripting
worked, weird binaries posted as a comment, and so on).
My guess is that if we had to maintain such a website, it would take a
lot of efforts to filter out what's real vs. what's intentionally
bogus, and filtering is extremely difficult as we'd need to appropriate
hardware to reproduce the issue.
Add to that the potential liability of the website itself. If someone
says that Nessus crashes any, say, Cisco router and Cisco sees that,
they may sue us for slander - especially if we did not double check the
issue.
So I can live without this responsability,
-- Renaud
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
