Hello Luther, Yes, SCAP Workbench and OpenSCAP can do vulnerability assessment as SCAP Workbench uses OpenSCAP under the hood.
OpenVAS/Nexpose and other security tools used to do vulnerability assessment from an external point of view, using unauthenticated methods through the network, but in the last years some of them also have authenticated scans as well. OpenSCAP is different from them because it runs locally in the system (authenticated scanning), it probes for software versions and it's more reliable than guessing versions from banners which was the most common assessment in the past. I'd say they actually complement each other, so you're safe to run both if you wish. Best Regards, Raphael On 04/12/2017 08:12 AM, Luther Goh Lu Feng wrote: > I see that OpenSCAP has a vulnerability assessment function[1]. I wish to > confirm if this functionality is present in the SCAP Workbench? > > > I would like to know OpenSCAP compares with other tools like OpenVAS[2] and > Vuls[3] in vulnerability assessment of existing software. Are they an apple > to apple comparison? > > Please do assume I know very little about the usual security jargon. Am still > trying to wrap my head around the acronyms[4] used in the domain and how they > relate to each other. Thanks. > > --Luther > > > [1] > https://www.open-scap.org/resources/documentation/perform-vulnerability-scan-of-rhel-6-machine/ > [2] http://www.openvas.org > [3] https://github.com/future-architect/vuls > [4] https://www.open-scap.org/resources/acronyms/ > > _______________________________________________ > Open-scap-list mailing list > Open-scap-list@redhat.com > https://www.redhat.com/mailman/listinfo/open-scap-list > -- Raphael Sanchez Prudencio Security Technologies | Red Hat, Inc. _______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
