mailing list archives
Re: Vulnerability scanner/appliance
From: "Derek Nash" <ddnash () gmail com>
Date: Fri, 31 Aug 2007 07:30:37 -0500
There is no such thing as PCI Approved. Any vulnerability scanner will
do to get the auditors check mark. However the diligent security
professional should be looking for a solution that address the entire
vulnerability management lifecycle. Love those buzz words, but its
true. You need something that identifies, prioritizes, escalates, and
finally closes the vulnerabilities throughout the remediation process.
On 30 Aug 2007 14:40:21 -0000, kocherk () knology net <kocherk () knology net> wrote:
My employer is about to be assessed for PCI compliance. One of the requirements that we've not yet met is a
quarterly internal network vulnerability scan. I've used Nessus for these scans in the past, but does anyone know of
a PCI-approved scanning utility/appliance?