[CentOS] Recommendation for a Good Vulnerability Scanning Service?

Fri Feb 18 19:36:15 UTC 2011
Baird, Josh <jbaird at follett.com>

We use Qualys for PCI vulnerability scanning.


-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
Behalf Of Michael B Allen
Sent: Friday, February 18, 2011 1:20 PM
To: centos at centos.org
Subject: [CentOS] Recommendation for a Good Vulnerability Scanning


Can someone recommend a good vulnerability scanning service? I just
need the minimum for PCI compliance (it's a sort of credit card
processing certification).

I got a free scan from https://www.hackerguardian.com/ and their scan
reported a number of "Fail" results. I haven't checked them all yet
but most seem to be things for which fixes were backported looong ago
by The Upstream Vendor.

I haven't spoken with the hackerguardian people yet but it would be
nice if I could just say "I'm using CentOS 5.5" and have them factor
that into their report so that I can focus on any real issues. Are
there vulnerability scanning services that are more or less
sophisticated about this?
