PCI and traffic lights
teddy mills
teddymills-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon Nov 22 18:30:54 UTC 2010
I had to enable PCI Certification on some servers.
I think PCI Certification is a good idea.
Security certifications like PCI Compliancy are just like traffic and
traffic lights.
It is not the traffic lights that make you safe, it is the lack of
traffic that makes you safe.
It is not PCI certification that makes you safe, it is the lack of
vulnerabilities that makes you safe.
So I was wondering if there were some open source scanners like OpenVAS
or AlienVault or similar
that can do a PCI compliant equivalent scan.
They may not be certified by the PCI Security Council, but if it is
equivalent, it should pass the PCI tests.
I don't know the best PCI Compliant Scanners.
The servers get a PASS from Comodo+McAfee PCI tests, but fail the Qualys.
I reviewed Qualys reports and they are referring to vulnerabilities
patched 5 to 7 years ago.
I don't trust Qualys yet. I think it is a lot of false positives.
Teddy
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists