
I wonder how effective this is. The text suggests that the only thing that they look for is a version statement of a major component, and then compare it to known vulnerable components. That could be somewhat helpful, but a lot of vulnerabilities won't be detected by that process. Does anyone know if they do more?



I think this kind of service should be heavily skewed to favour false negatives instead of false positives.



