>> I think all discovered information should be in the report, so >> security_note() is appropriate in this case. log_message() should only be >> used to log information such as plugins's inability to perform something, >> error messages etc., >> >> The discovered information is always useful to analyze the effectiveness of >> the report, not everyone looks at logs.
> I agree in principle. > But yet again: Should the NVTs that do collect information > into the KB report on their own Security-level message? Isn't it a better > design to have other scripts report on such information. security_warning/security_hole is generally used for reporting vulnerabilities and security_note is always used to dump some info which is generally useful to assess the report. I don't think there are Plugins that use security_note to report vulnerabilities. Thanks, Chandra. _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
