On Nov 7, 2007, at 3:54 AM, Bob Babcock wrote:

>> Issue 1: Upgrade to Firefox 2.0.0.3
>> Issue 2: Upgrade to Firefox 2.0.0.4
>> ...
>
> I tune the list of plugins to only scan for the latest version. This cleans
> up my reports, but it makes maintaining the scan rules a real chore.
>
> Perhaps another way of handling this would be to have the plugin that scans
> for version N have something inside it that marks it as superseding plugins
> that look for version N-1, N-2,...

The problem with this approach is that not every organization is  
going to rate these vulnerabilities as being equally important. This  
seems obvious for something like Firefox where basically every new
version patches a remote critical flaw, but this is much less trivial  
for other advisories where version N+1 fixes a flaw which is critical  
in your organization and directly affects you, whereas version N+2  
patches a flaw which is not critical in a feature which has been  
disabled in your organization.

Depending on how your organization handles IT and whether there's a
patch approval process or not, this can make a good chunk of our user  
base and the other chunk very unhappy.

> A scan option would be to use or not use
> this information to turn off the superseded plugins.


This indeed would be the minimum requirement, but that makes this  
feature even harder to implement (it's not impossible though).



                                        -- Renaud
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
