PCI and traffic lights

teddy mills teddymills-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon Nov 22 18:30:54 UTC 2010


I had to enable PCI Certification on some servers.
I think PCI Certification is a good idea.

Security certifications like PCI Compliance are just like traffic and 
traffic lights.
It is not the traffic lights that make you safe, it is the lack of 
traffic that makes you safe.

It is not PCI certification that makes you safe, it is the lack of 
vulnerabilities that makes you safe.

So I was wondering if there were some open-source scanners like OpenVAS 
or AlienVault or similar
that can do the equivalent of a PCI compliance scan.

They may not be certified by PCI Security Council, but if it is 
equivalent, it should pass the PCI tests.


I don't know the best PCI Compliant Scanners.
The servers get a PASS from the Comodo and McAfee PCI tests, but fail the Qualys one.

I reviewed the Qualys reports and they are referring to vulnerabilities 
patched 5 to 7 years ago.
I don't trust Qualys yet. I think it is a lot of false positives.

Teddy
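Before dismissing findings that name bugs "patched 5 to 7 years ago", it is worth checking why a banner-based scanner reports them. Distributions such as Red Hat and CentOS backport security fixes without changing the upstream version string, so a scanner that only sees "Apache/2.2.3" in a banner will flag every CVE fixed in later upstream releases, whether or not the vendor already shipped the fix. The script below is an added example (not from the original post, and not a Qualys, OpenVAS or AlienVault tool) that triages such findings two ways: a finding whose upstream fix predates the packaged version is not applicable, and a finding whose CVE appears in the package changelog (`rpm -q --changelog`) has been backported. The changelog text, version strings, titles and `fixed_in` values are constructed sample data; the CVE ids are real Apache httpd advisories used only as sample input.

```python
"""Triage version-based scanner findings against what the distro actually shipped.

Added example, not part of the original post. Assumes an RPM-based host whose
vendor backports security fixes without bumping the upstream version string,
so a banner such as "Apache/2.2.3" alone says nothing about whether a given
CVE is fixed. Two checks are applied per finding:
  1. the upstream version that fixed the bug is at or below the installed one
     (the bug predates the packaged release), or
  2. the package changelog names the CVE (the fix was backported).
Anything else stays open and needs a patch or a documented compensating control.
"""
import re
import subprocess
from typing import Dict, Iterable, Set, Tuple

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

VERDICT_PREDATES = "not applicable: installed version already contains the upstream fix"
VERDICT_BACKPORTED = "likely false positive: fix is backported per package changelog"
VERDICT_OPEN = "open: no evidence of a fix, patch or document a compensating control"

# Constructed sample in the shape of `rpm -q --changelog httpd` output; the
# maintainer, dates, release tags and bug number are illustrative only.
SAMPLE_CHANGELOG = """\
* Wed Nov 25 2009 Package Maintainer <maint@example.com> - 2.2.3-31.el5_4.2
- add security fix for CVE-2009-3555 (TLS renegotiation, #000000)
* Tue Aug 11 2009 Package Maintainer <maint@example.com> - 2.2.3-31.el5
- rebase to 2.2.3 with vendor patches
"""

INSTALLED_HTTPD_VERSION = "2.2.3-31.el5_4.2"  # constructed sample

# Constructed sample findings as a banner-based scanner might report them.
# The CVE ids are real Apache httpd advisories; the fixed_in values stand in
# for what a scanner plug-in claims and should be checked against the advisory.
SAMPLE_FINDINGS = [
    {"title": "TLS renegotiation prefix injection", "cves": ["CVE-2009-3555"], "fixed_in": "2.2.15"},
    {"title": "Chunked encoding overflow", "cves": ["CVE-2002-0392"], "fixed_in": "2.0.39"},
    {"title": "Sample finding with no CVE", "cves": [], "fixed_in": "2.2.20"},
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.2.3-31.el5_4.2' into (2, 2, 3): upstream part only, release tag dropped."""
    upstream = version.split("-", 1)[0]
    return tuple(int(p) for p in re.findall(r"\d+", upstream))


def fixed_cves_from_changelog(changelog: str) -> Set[str]:
    """Every CVE id named anywhere in an rpm changelog, upper-cased."""
    return {m.upper() for m in CVE_RE.findall(changelog)}


def rpm_changelog(package: str) -> str:
    """Fetch the changelog of an installed RPM. Real command; only works on an rpm-based host."""
    done = subprocess.run(["rpm", "-q", "--changelog", package],
                          capture_output=True, text=True, check=True)
    return done.stdout


def triage_findings(findings: Iterable[dict], installed_version: str,
                    changelog: str) -> Dict[str, str]:
    """Map each finding title to one of the VERDICT_* strings."""
    backported = fixed_cves_from_changelog(changelog)
    installed = parse_version(installed_version)
    verdicts: Dict[str, str] = {}
    for finding in findings:
        cves = {c.upper() for c in finding.get("cves", [])}
        fixed_in = finding.get("fixed_in")
        if fixed_in and parse_version(fixed_in) <= installed:
            # Upstream fixed it before the version that was packaged.
            verdicts[finding["title"]] = VERDICT_PREDATES
        elif cves and cves <= backported:
            # Every CVE in the finding is named in the vendor changelog.
            verdicts[finding["title"]] = VERDICT_BACKPORTED
        else:
            verdicts[finding["title"]] = VERDICT_OPEN
    return verdicts


if __name__ == "__main__":
    for title, verdict in triage_findings(SAMPLE_FINDINGS, INSTALLED_HTTPD_VERSION,
                                          SAMPLE_CHANGELOG).items():
        print(f"{title}: {verdict}")
```

On a real host, replace `SAMPLE_CHANGELOG` with `rpm_changelog("httpd")` and feed in the CVE ids from the scanner report. A changelog match is evidence, not proof: the assessor for the scan will usually want the vendor advisory (RHSA or equivalent) attached to the dispute, and a finding with no CVE and no fixed-in version cannot be closed this way at all.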

--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists