Tenable Blog

For over a year now, Tenable has been including CVSS base scores in the plugins we write for Nessus as well as Passive Vulnerability Scanner (PVS) to give our customers an objective way to assess the risk of flaws those plugins test for. We've been calculating these scores in-house during the course of investigating vulnerabilities and how to test for them.

Most companies have some sort of policy in place which defines network or computer activities which are considered 'Acceptable computer usage'.  Such policies are often difficult to enforce.  The Tenable Passive Vulnerability Scanner (PVS) can help companies detect and report on inappropriate usage. This blog post discusses how the PVS can be used to look for policy violations and items such as credit card numbers, social security numbers and other types of sensitive content in motion.

Tenable continues to offer interesting content. We've added three new presentations and interviews to our list of webinars.

Interview with Thomas Ptacek, Founder of Matasano Security
November 28, 2006 -- 2:00 PM - 3:00 PM EST
https://www.gotomeeting.com/register/140139085

I was on an enterprise vulnerability management panel at the recent Infosecurity show in NY City. On the topic of patch management, a question was asked about using severity ratings for vulnerabilities to select which patches to apply, or the prioritization of which patches to apply first. This blog entry captures my comments from the panel and my general thoughts on the subject.

Don't Let Your Vulnerability Scanner or Penetration Tool dictate your patch policy!

Tenable has many new events between now and January 2007. They are all outlined below. More are being added as we speak, including a series of interviews with leading computer and information security experts.