
I am looking for some open source tools to manage data from vulnerability scans.


Question

I am looking for some open source tools to manage data from vulnerability scans. My company uses Tenable Nessus, McAfee Vulnerability Manager, Acunetix, and AppScan for vulnerability scans. However, it is extremely difficult to review output from multiple tools and generate a VA report from it. Also, it is very difficult to track closure of these VA findings.

I am looking for some tools/methods to manage VA scans. Recently I came across a tool called OpenFISMA, but I am not sure whether I can use it in a corporate setting. This tool can take the XML output reports from VA tools, generate a report from them, and help in effectively tracking them.

Can I go ahead and use OpenFISMA, or are there any other tools available to consider for VA audit management?

Awaiting your reply.

Explanation / Answer

The OpenFISMA site is pretty bad and there is little action in the forums, plus the last release is from June 2013, plus you cannot log in to their demo. Putting all that together, I'd be cautious. However, it still might be worth looking at.

I can't see any glaring reason why you couldn't use it, provided you check it out well.

I've been writing a similar tool for my work environment as I found a similar problem. I can't share it with you (at least not at this stage). It is pretty specific to our needs and may not suit anyway.