Vulnerability Scanning Tool Evaluation and Recommendations
After performing an analysis of the vulnerability report provided by the third-party penetration testers, present your evaluation of the tool and your recommendations here. The text and questions below represent the specifics to focus on while writing your memorandum. Do not include the specific text of the questions in your final submission.
• Identify the scanner used to produce the report. Is the tool open source or commercial? Do you consider the tool to be industry standard?
• What are some advantages to using the tool? Disadvantages?
• What is your overall impression of the tool’s output?
• Does the tool provide enough reporting detail for you as the analyst to focus on the correct vulnerabilities? Can you appropriately discern the most critical vulnerabilities?
• Do you think mitigations for the vulnerabilities are adequately covered in the report?
• Do you think the reports are suitable for management? Explain why or why not.
• Would you distribute the report automatically? Explain why or why not.
• Would you recommend that Mercury USA use the tool? Explain why or why not.