Y
Hacker News
new
|
ask
|
show
|
jobs
by
tinco
1780 days ago
If your threat profile says you need to audit your vulnerability scanners, you audit your vulnerability scanners. There's not really a problem there right?
2 comments
Pokepokalypse
1780 days ago
NIST also says: if your scanner finds a vulnerability, it's up to you to VALIDATE that it's not a false-positive.
False-positives abound on these scanners.
link
haolez
1780 days ago
I've never had to. I wanted feedback from people who have.
link
False-positives abound on these scanners.