On Mittwoch, 4. Dezember 2013, Dave Howland wrote: > It would appear that the lower limit for medium risk vulnerabilities in > OpenVAS is 2.0, whereas in Nessus and our external ASV scans the lower limit > is 4.0; this is the limit accepted by our security assessor for PCI. > > Is there a way to change the OpenVAS risk limits to reflect what our security > assessor expects to see i.e. Low is 0.0 to 3.9, Medium is 4.0 to 6.9 and High > is 7.0 to 10.0.
you are referring to the "NVD Vulnerability Severity Ratings" I guess. These are the new default for upcoming OpenVAS-7. In OpenVAS-7 it is also possible to switch to "OpenVAS Classic" which is the current default in OpenVAS-6. Unfortunately it is not easily possible to change the severity classes in OpenVAS-6. Regarding PCIDSS: Wasn't 4.3 the magic limit? -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
