RE: Vulnerability - Tracking and Remediation

From: Kevin Reiter (KReiter@insidefsi.net)
Date: Wed Apr 18 2007 - 09:52:51 EDT


Glad to help.

There's a lot of documentation available that tells you how to customize the majority of the app (custom fields, etc.), but there's so much of it I haven't even attempted it yet ;)

-----Original Message-----
From: xelerated [mailto:xelerated@gmail.com]
Sent: Wednesday, April 18, 2007 7:46 AM
To: Kevin Reiter; pen-test@securityfocus.com
Subject: Re: Vulnerability - Tracking and Remediation

Thanks for the Mantis ref, that looks like it just might fit the bill.

Thanks!

On 4/17/07, Kevin Reiter <KReiter@insidefsi.net> wrote:
I've been using Mantis (which is actually a software bug-tracking system) to track all the security issues, and it's been working out very well. URL is http://www.mantisbugtracker.com/

On 4/13/07, xelerated <xelerated@gmail.com> wrote:
> I have a question for the pen test community.
>
> Does anyone have a free (OSS or other) way to take your vuln scan data
> (Nessus in this case)
> and do tracking and remediation?
>
> As it sits now, I scan at work at least 300 machines a month, and my
> monthly list is growing, and will soon include subnets as well.
>
> I used to take the pipe-delimited format and run it through Excel and
> work with it from there,
> and that worked fine back when I was only scanning 200 a month max, but
> it's become extremely cumbersome.
>
> Also, if there is no such good tool out there, I'm no coder, but if
> others out there would like to work on such a project I'd like to do
> that too.
>
> Thanks!

Kevin Reiter
Senior Security Engineer
Financial Services, Inc.
21 Harristown Road
Glen Rock, New Jersey 07452
(201)652-6000, ext. 588
PGP ID: 0xEE665233


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:44 EDT