On Mon, Aug 25, 2003 at 12:11:07PM -0400, Noah L. Meyerhans wrote: > > If you have a specific policy that allows you to only be interested in > ancient attacks, good for you. We cannot expect our users to be in such > a position.
Maybe you are not interested in new attacks (say, about a year old) for vulnerability assesment since your systems are quite old anyway and no new attacks have been found for your are either unknown (no one is doing security research on them) or rock-solid systems. Show me a bug less than a year old for VMS (not OpenVMS), or Ultrix, please. In either case, you can still have your Nessus 1.x and Snort 1.8 engines up and running as soon as you feed them with data, since both are open enough for the administrator to write new plugins and/or rules for them admins can still rely on them. Might I remind you that there rules or plugins can be easily backported? (whileas software cannot) That's the whole point of my proposal for separating engines and data. Could you please make useful comments to _that_? Regards Javi
pgppyEIo00jPz.pgp
Description: PGP signature
