Hello,

On Mittwoch, 11. Dezember 2013, Chandrashekhar B wrote:
> There are products which are outdated/dead that'll never have solution. That
> is another condition to consider. There may be workarounds and workarounds
> could be to uninstall the product in some cases. 

which is a "solution"  in some sense.


> If you put a timeline like "....last one year", we need to keep that
> timeline updated.

My proposal was "at least one year". Which is something that only
needs to be updated if there really comes up a (late) solution.


> For NVTs that do not have solution for an year, we can put 
> a general message like this,
> 
> "No solution or patch is available since the disclosure of this
> vulnerability."

But that lacks the temporal information.
 
> If there is a workaround,
> 
> "No solution or patch is available since the disclosure of this
> vulnerability. The workaround is to disable 'config' setting."

It is somewhat debatable whether a workaround is a solution or not.


So, how about this text:

"""
No solution or patch was made available for at least one year since
disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable
respective features, remove the product or replace the product by
another one.
"""

And in case there is a work around:

"""
No solution or patch was made available for at least one year since
disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable
respective features, remove the product or replace the product by
another one.

A workaround is to ...
"""


Feedback very much appreciated!

Best

Jan

-- 
Dr. Jan-Oliver Wagner |  ++49-541-335084-0  |  http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-plugins mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins

Reply via email to