I've pondered this for a while, and it's an issue that bugs me, and this is probably just a pipe-dream of a solution, but here goes:
Problem: I scan and generate reports all the time, and my key focus is generating the cleanest, simplest reports to hand over to the folks that administer the servers. So, let's say we have a box with Firefox 2.0.0.2, and an older version of Java. My report ends up looking something like: Issue 1: Upgrade to Firefox 2.0.0.3 Issue 2: Upgrade to Firefox 2.0.0.4 Issue 3: Upgrade to Firefox 2.0.0.5 Issue 4: Upgrade to Firefox 2.0.0.6 Issue 5: Upgrade to Firefox 2.0.0.7 Issue 6: Upgrade to Java 1.14_12 Issue 7: Upgrade to Java 1.15_8 You get the idea. >From one standpoint, I can see the value of knowing *just how* out of date everything is, but on the otherhand, it does skew things a bit from a remediation perspective. "Oh No, I've got 7 things to fix" is really "Oh. I've got 2 things to update". All the remediator wants to know is *what's the bottom line. What will *really* remediate this? So, how can I view the *most current* issue for Firefox, and generate a report, as long as the issue is of say, at least *Medium* level severity? Solution: Add 2 pieces of information, a <Family> and <Version>. We all know that certain software products are much more susceptible to these types of issues. "Bubba's eShopping Compendium PHP Package" is a non-issue. Firefox. Java. Quicktime. Flash. Acrobat. All of these are much more susceptible to frequent updates, minor revision/security fixes, and thus, longer reports. Here's how I envision it: Firefox is family <13245> (random assigned number I picked outta my head). Version increments by "x" whenever a new issue/patch/update comes out -- newer version, higher number, so the above looks like: Issue 1: Upgrade to Firefox 2.0.0.3 <Family>13245</Family> <Version>26</Version> Issue 2: Upgrade to Firefox 2.0.0.4 <Family>13245</Family> <Version>28</Version> Issue 3: Upgrade to Firefox 2.0.0.5 <Family>13245</Family> <Version>29</Version> Issue 4: Upgrade to Firefox 2.0.0.6 <Family>13245</Family> <Version>33</Version> Issue 5: Upgrade to Firefox 2.0.0.7 <Family>13245</Family> <Version>36</Version> Risk (hole/warning) is already captured. So with this info, I could easily pull the most recent version, at the severity level, that I wanted. Talk about nice clean reports that the end Admins will appreciate. Ya, I know it's a lot of work, but I've got to think I'm not the *only* one who would like to see something like this. Consider that while many products don't need the info (See Bubba), just hitting the big ones will make a big difference. Even if 1.5 of Firefox and 2.0 of Firefox are dubbed "different families" -- it's still going to produce a much cleaner report than the current model. So ya, it's a big change, and would require updating a lot of nasl's as well, I imagine, but would be worth it. Thanks for considering, Mike
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
