Why Common Vulnerability Scanning Practice is Useless?

I hope you will find this so obvious but unfortunately security community is highly relied on vulnerability scanning in a way which makes it totally useless or even harmful! 

Vulnerability assessment is evaluating of a System against known and potential security flaws. A System is simply a collection of processes, workflows, people, nodes, software…but traditional vulnerability scanning only focuses on individual nodes and software rather than seeing them as a whole equation. 

Today’s common vulnerability scanning which is believed to be so effective and is the center of attention for almost all type of manages security services, is actually harmful in a way that completely ignores the attack vectors coming and result from presence of link and connection and relation between many (all) components of a system, not just computers, webservers and software applications.

Published by Kaveh Mofidi

He finds simple solutions for huge and complicated issues! He believes information security and computers are fun to deal with, but the real deal is to find solution for unlimited clean energy, drinkable water, mitigate root cause of hunger, war, and injustice...We need to keep our planet livable, that is our real problem on the Earth!