Neil Brown

@steve @stefano

"Hi! Here's an output of a series of automated scans. False positives? No idea. That's outside the scope of work. Good luck!"

3 comments
Steve Hill 🏴󠁧󠁒󠁷󠁬󠁳󠁿🇪🇺

@neil @stefano "Here's an automated scan, if there are any false +vs you need to provide proof for each one individually."

"We're running a fully up to date RHEL 9, please exclude all the known false +vs for that OS"

"We don't do that, you need to provide proof for each individually"

I mean, these people are getting paid to do these scans, surely the least they could do is maintain a database of false +vs for common OSes so they could be automatically excluded?! (spoiler: none of them do!)

Steve Hill 🏴󠁧󠁒󠁷󠁬󠁳󠁿🇪🇺

@neil @stefano Basically money for old rope - a not insignificant amount of money paid to just push the "start" button on the scanner, produce an automatic 300 page report and generate a crap-ton of work for someone else!

ferricoxide

@steve@mastodon.nexusuk.org @neil@mastodon.neilzone.co.uk @stefano@mastodon.bsd.cafe

To which I respond back with a dump of links to the OS vendors' CVE pages for each finding. Sometimes that's enough. Oftentimes it's too "TL;DR" for them.
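The per-finding "proof" ferricoxide describes can be produced mechanically: on RHEL the installed package's RPM changelog records which CVEs were fixed by backport, so a scanner finding whose CVE appears there is a candidate false positive. The script below is an added example, not code from anyone in this thread; the changelog text and findings are constructed samples, and on a real host `SAMPLE_CHANGELOG` would be replaced by the output of `rpm -q --changelog <package>`.

```python
import re
from typing import Dict, List

# Constructed sample in the shape of `rpm -q --changelog openssl` output (not a real RHEL changelog).
SAMPLE_CHANGELOG = """\
* Tue Mar 05 2024 Example Maintainer <maint@example.invalid> - 1:3.0.7-27
- Fix CVE-2024-0727: PKCS12 NULL pointer dereference (backported)

* Mon Jan 15 2024 Example Maintainer <maint@example.invalid> - 1:3.0.7-26
- Fix CVE-2023-6129 and CVE-2023-6237 (backported fixes)
"""

# Constructed scanner findings: the scanner matched the upstream version string, not the RHEL build.
SAMPLE_FINDINGS: List[Dict[str, str]] = [
    {"package": "openssl", "cve": "CVE-2024-0727"},
    {"package": "openssl", "cve": "CVE-2023-6129"},
    {"package": "openssl", "cve": "CVE-2099-0001"},  # constructed id, deliberately absent from the changelog
]

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def cves_in_changelog(changelog: str) -> set:
    """Return every CVE id mentioned anywhere in an rpm changelog text."""
    return set(CVE_RE.findall(changelog))


def vendor_cve_url(cve: str) -> str:
    """Link to the Red Hat CVE page for a finding (the 'dump of links' sent back to the scanning vendor)."""
    return f"https://access.redhat.com/security/cve/{cve}"


def triage(findings: List[Dict[str, str]], changelogs: Dict[str, str]) -> List[Dict[str, str]]:
    """Annotate each finding: 'fixed-in-changelog' is evidence of a backported fix (likely false
    positive); 'unresolved' means the changelog gives no such evidence and the finding needs a real look."""
    result = []
    for finding in findings:
        known = cves_in_changelog(changelogs.get(finding["package"], ""))
        status = "fixed-in-changelog" if finding["cve"] in known else "unresolved"
        result.append({**finding, "status": status, "vendor_page": vendor_cve_url(finding["cve"])})
    return result


if __name__ == "__main__":
    for row in triage(SAMPLE_FINDINGS, {"openssl": SAMPLE_CHANGELOG}):
        print(f'{row["cve"]:15} {row["status"]:20} {row["vendor_page"]}')
```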
