Thursday, January 3, 2008

Sigvi Vulnerability Management

SIGVI Vulnerability ManagementI need a tool that can list all of my server's vulnerabilities. Sigvi does it all. Although the process is not yet automatic. It will compare the vulnerabilities that it has received from Common Vulnerabilities and Exposures (CVE) with the softwares that we installed on our servers.

"SIGVI is an Open Source application, under GPL license.

Basically, SIGVI is an application to detect vulnerabilities on our network.

It is not magic (still ...), simply compares the vulnerabilities that it has received from the sources with the software that we have installed on our servers. Those vulnerabilities are stored into the database creating a vulnerability repository.

When finds a software version that is vulnerable, it creates an alert and send notifications to all the administrators of this server.

The SIGVI has been (and is being) developed at UPCnet, from Politechnical University of Catalonia (UPC), Spain."

No comments: