Hello, On Mittwoch, 11. Dezember 2013, Chandrashekhar B wrote: > There are products which are outdated/dead that'll never have solution. That > is another condition to consider. There may be workarounds and workarounds > could be to uninstall the product in some cases.
which is a "solution" in some sense. > If you put a timeline like "....last one year", we need to keep that > timeline updated. My proposal was "at least one year". Which is something that only needs to be updated if there really comes up a (late) solution. > For NVTs that do not have solution for an year, we can put > a general message like this, > > "No solution or patch is available since the disclosure of this > vulnerability." But that lacks the temporal information. > If there is a workaround, > > "No solution or patch is available since the disclosure of this > vulnerability. The workaround is to disable 'config' setting." It is somewhat debatable whether a workaround is a solution or not. So, how about this text: """ No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. """ And in case there is a work around: """ No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. A workaround is to ... """ Feedback very much appreciated! Best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-plugins mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
