Reference of How to Comment Vulnerability Assessment



After scanning exposures, Vulnerability Assessment System will produce risk assessment report and analyze static chart. However, could this report help managers to patch correctly and quickly?

Although at present, there is no standard to check the vulnerability assessment. However, to American information security administration, they do have their own rule of thumbs to inspect the system, but those rule of thumbs are not real "criterions" or regulations on document. In Taiwan, because there is no related official information for assessment, only one function would be compared. (There is no doubt that simple comparison is helpful for selling but is not good for information security's improvement. If this comparison continues, it would have bad effect for development of information security in Taiwan.

After referring to internal inspection documents for vulnerability assessment couples information security administrations, DragonSoft concludes 20 measurements for checking vulnerability assessments. Each one has 5 points. (We suggest that it could get more objective results from revising the checking regulations from different network.

First, Physical Security

Convenience
  1. Easy to be set and operated
  2. User could choose functions and make decisions
  3. Examine target that user could select
  4. Set up security policy
  5. Update quickly.
Efficiency and ability
  1. Scan ports take how much time
  2. Examine ports take how much time
  3. Tell network service correctly
  4. Tell operation system correctly
  5. Examine vulnerability reliability
Report and output
  1. Report classification
  2. Report could be understand easily
  3. Items and vulnerability could be found easily
  4. Picture and report's information is abundant
  5. Report and result could be outputted correctly
Vulnerability database
  1. Update vulnerability database's frequency
  2. New vulnerability be added quickly
  3. The content of patch and description of vulnerability practically
  4. Affirmation degree of the vulnerability
  5. Compatibility degree
About DragonSoft Security Associates, Inc.
DragonSoft Security Associates is a leading developer in Taiwan for network security software and an active contributor to network security education. Founded in 2002, DragonSoft offers vulnerability management olutions, including vulnerability assessment, System Security Management and intrusion prevention.