[openvas-discuss] Contributions (fwd)

Michael Weber mweber at alliednational.com
Mon Nov 7 23:19:15 CET 2005


>>>> Adam Jones <ajones1 at gmail.com> 11/07 10:45 AM >>>
>Sorry guys if this breaks threading on the messages, been looking at
>this through list archives.

I second the apology since I'm responding in like kind...

<snip>
>I agree that the stable/unstable/testing classification will be
enough
>for plugins. Although some of the categorization features available
in
>sourceforge are awesome, I think it would turn out to be more
overhead
>than it is worth.

Could we consider a two dimensional classification?  One side being
stable/unstable/testing and the other being safe/caution/dangerous?

For some of the work I do, living on the bleeding edge is fine and I
would 
grab everything.  Other times, I need stability and safety.  Some of
my
customers demand the stability, and the latest tests.  It would be
very nice to be able to download the plugins that match just the
criteria
I need for the job.

>I also think that auditing should be structured around where a plugin
>is applicable. 
<snip>
Accountability is a GOOD thing!

>I know this adds extra work to the project. I think that, given the
>community response to this effort, the people are there to do it.
>Someone earlier said that getting new plugins is essential to the
>success of openvas, and I would like to add that providing a measure
>of quality assurance to the plugins is just as important.

I would also like to see if there is a way to prevent plugin-bloat. 
Having
9000+ tests sounds good, until you find out you need more than a 
weekend to run the scan on a larger network.  Having goals of not
duplicating any tests and not running unnecessary tests would be
appreciated.

--Michael



E-MAIL CONFIDENTIALITY NOTICE: This communication and any associated 
file(s) may contain privileged, confidential or proprietary 
information or be protected from disclosure under law ("Confidential 
Information").  Any use or disclosure of this Confidential Information,
or taking any action in reliance thereon, by any individual/entity 
other than the intended recipient(s) is strictly prohibited.  This 
Confidential Information is intended solely for the use of the 
individual(s) addressed. If you are not an intended recipient, you 
have received this Confidential Information in error and have an 
obligation to promptly inform the sender and permanently destroy, 
in its entirety, this Confidential Information (and all copies 
thereof).  E-mail is handled in the strictest of confidence by 
Allied National, however, unless sent encrypted, it is not a secure 
communication method and may have been intercepted, edited or 
altered during transmission and therefore is not guaranteed.





More information about the Openvas-discuss mailing list