It would seem to me that you could grep the results and look for the "CVSS Base Score : ".

A summation of the findings should give you a picture such that the lower your score, the better your performance.

A more accurate representation might be to incorporate a fixed or sliding multiplier so that a system with a few highs reports a much higher score than a host with a multitude of lows.


----------------------------------------------------
Mike Sleeper    CISSP, CCSE, CCFS
 Computer & Information Security
----------------------------------------------------

************* DISCLAIMER ***********************************
The above comments are my own and do not
necessarily represent those of my employer or
contractor.  Any information or advice provided by
me shall be given under the "caveat emptor" principle.
*****************************************************************



"mudyo26 CryptoMail User" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
04/06/2006 01:55 PM

To: [email protected], [EMAIL PROTECTED]
cc:
Subject: Nessus Scoring System

Is there any scoring system / risk score based on Nessus output?
What if an organization does scanning every day and wants to know how the
"security score" is increasing or decreasing based on vulnerabilities found (not found)?

I read one posting by Renaud in early 2005 in Nessus lists that it is being worked upon.


_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
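
The scoring idea from the reply above, as an added example that is not part of the original thread: it pulls every "CVSS Base Score : " value out of scan results, then reports a plain sum and a band-weighted sum per host. It assumes pipe-delimited NBE-style result lines with the host in the third field; the band multipliers, plugin IDs and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Literal marker named in the reply; the numeric value follows it.
CVSS_RE = re.compile(r"CVSS Base Score\s*:\s*(\d+(?:\.\d+)?)")

# Assumed fixed multipliers per severity band (hypothetical values, tune locally).
BANDS = [(7.0, 10.0), (4.0, 3.0), (0.0, 1.0)]  # (minimum score, multiplier)


def multiplier(score):
    """Return the multiplier of the first band whose minimum the score reaches."""
    return next(factor for minimum, factor in BANDS if score >= minimum)


def score_hosts(lines):
    """Return {host: (plain_sum, weighted_sum)} for NBE-style result lines."""
    totals = defaultdict(lambda: [0.0, 0.0])
    for line in lines:
        fields = line.split("|", 6)  # the description may itself contain "|"
        if len(fields) < 7 or fields[0] != "results":
            continue  # timestamps, headers, malformed lines
        match = CVSS_RE.search(fields[6])
        if not match:
            continue  # finding carries no CVSS score
        score = float(match.group(1))
        if score > 10.0:
            continue  # outside the CVSS range, treat as garbage
        totals[fields[2]][0] += score
        totals[fields[2]][1] += score * multiplier(score)
    return {host: tuple(sums) for host, sums in totals.items()}


# Constructed sample: host .10 has two highs, host .20 has ten lows.
SAMPLE = (
    ["timestamps|||scan_start|Thu Apr 6 13:00:00 2006|"]
    + [f"results|192.0.2|192.0.2.10|ssh (22/tcp)|{pid}|Security Hole|desc\\nCVSS Base Score : {s}"
       for pid, s in ((90001, "9.0"), (90002, "7.5"))]
    + [f"results|192.0.2|192.0.2.20|http (80/tcp)|{91000 + i}|Security Note|desc\\nCVSS Base Score : 2.0"
       for i in range(10)]
    + ["results|192.0.2|192.0.2.20|general/tcp|91999|Security Note|no score here"]
)

if __name__ == "__main__":
    for host, (plain, weighted) in sorted(score_hosts(SAMPLE).items()):
        print(f"{host}  plain={plain:.1f}  weighted={weighted:.1f}")
```

On the sample, the plain sum ranks the host with ten lows as worse, while the weighted sum ranks the host with two highs as worse, which is the effect the multiplier is meant to produce.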
