We use Qualys for PCI vulnerability scanning. Josh -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Michael B Allen Sent: Friday, February 18, 2011 1:20 PM To: centos at centos.org Subject: [CentOS] Recommendation for a Good Vulnerability Scanning Service? Hi, Can someone recommend a good vulnerability scanning service? I just need the minimum for PCI compliance (it's a sort of credit card processing certification). I got a free scan from https://www.hackerguardian.com/ and their scan reported a number of "Fail" results. I haven't checked them all yet but most seem to be things for which fixes were backported looong ago by The Upstream Vendor. I haven't spoken with the hackerguardian people yet but it would be nice if I could just say "I'm using CentOS 5.5" and have them factor that into their report so that I can focus on any real issues. Are there vulnerability scanning services that are more or less sophisticated about this? Thanks, Mike _______________________________________________ CentOS mailing list CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos