Why Is Common Vulnerability Scanning Practice Useless?

I hope you will find this obvious, but unfortunately the security community relies heavily on vulnerability scanning in a way that makes it totally useless or even harmful!

Vulnerability assessment is the evaluation of a System against known and potential security flaws. A System is simply a collection of processes, workflows, people, nodes, software… but traditional vulnerability scanning focuses only on individual nodes and software rather than seeing them as a whole equation.

Today’s common vulnerability scanning, which is believed to be so effective and is the center of attention for almost all types of managed security services, is actually harmful in that it completely ignores the attack vectors that result from the links, connections and relations between many (all) components of a system, not just computers, web servers and software applications.
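
An added illustration of the argument above, not code from the original post: it sets a per-node severity ranking against a ranking built from the relations between components. All component names, scores and relations are constructed for the example.

```python
from collections import defaultdict

# Constructed sample data (hypothetical components and scores).
# Highest severity a node scanner reported per component (0.0 = nothing found,
# or not scannable at all, e.g. people and workflows).
FINDINGS = {
    "file-share": 9.8, "web-server": 4.3, "build-server": 3.1,
    "helpdesk-staff": 0.0, "password-reset-workflow": 0.0, "customer-db": 0.0,
}
# Directed relations: (source, target, what links them).
RELATIONS = [
    ("internet", "web-server", "public HTTP"),
    ("web-server", "build-server", "shared deploy key"),
    ("build-server", "customer-db", "stored DB credentials"),
    ("internet", "helpdesk-staff", "phone and e-mail"),
    ("helpdesk-staff", "password-reset-workflow", "operates"),
    ("password-reset-workflow", "customer-db", "issues admin access"),
]

def scanner_ranking(findings):
    """Per-node view: components ordered by severity only."""
    return sorted(findings, key=findings.get, reverse=True)

def exposure_paths(relations, entry, asset):
    """System view: every simple path of relations from entry to asset."""
    graph = defaultdict(list)
    for src, dst, _ in relations:
        graph[src].append(dst)
    paths, stack = [], [[entry]]
    while stack:
        path = stack.pop()
        for nxt in graph[path[-1]]:
            if nxt == asset:
                paths.append(path + [nxt])
            elif nxt not in path:  # skip cycles
                stack.append(path + [nxt])
    return paths

def relational_ranking(findings, relations, entry, asset):
    """Components ordered by how many exposure paths run through them."""
    counts = {c: 0 for c in findings}
    for path in exposure_paths(relations, entry, asset):
        for comp in path[1:]:
            counts[comp] += 1
    return sorted(counts, key=lambda c: (-counts[c], c))

if __name__ == "__main__":
    print("scanner view:   ", scanner_ranking(FINDINGS))
    print("relational view:", relational_ranking(FINDINGS, RELATIONS, "internet", "customer-db"))
```

In this constructed system the scanner's top item sits on no path to the database, while the database itself and the people and workflows in front of it never appear in a node scan.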

By Kaveh Mofidi

While I enjoy working with electronics, computers, and the fields of information and cybersecurity, I believe our challenges as humans extend far beyond infosec—and even beyond technology itself. The real task, I would argue, is to discover solutions for unlimited clean energy, drinkable water, practical waste management and to address the root causes of hunger, war, and injustice on our beautiful little planet. Our primary goal—each of us—should be to keep Earth livable. That is the true challenge we face.