At the moment it seems that it is not the writers of software or the Manufacturer's responsibility to identify security flaws in their code that could potentially allow local or remote exploitation. It is up to users to find them out the hard way and advise so that the fixes are patched. This may be slowly changing, however these firms are not in the business of security so it is likely to be a painful process.

In the meantime it is up to independent researchers and security teams to look for flaws in common applications and advise accordingly, as a result they also provide the most effective scanning tools to find and fix these.

Over the last 6 years, due to the nature of network security, I have had a great deal of exposure to various sources for vulnerability alerts, and more importantly, remedies. Having assessed the sources from US Cert to Microsoftupdate.com, freeware scanners and the leading players it seemed only fair to source 3 scanning tools from 3 different vendors, all of which have research teams that lead the industry.

eEye Retina from eEye technologies, Wireless Scanner from ISS and LANguard from GFI are the leading scanners for autodiscovery, asset inventory, identification and, in the case of GFI LANguard, remediation of vulnerabilities. This statement is made based on the number of vulnerabilities that have been published in recent years by either eEye Research, GFI or X-force from ISS. Check it out, you may be surprised how many Browser, O/S, Database and Application vulnerabilities are actually found by these guys and notified to the manufacturer to fix!!

Day Zero Securities feel very strongly about recommending any of these products based on the commercial and technological contraints of a project only.

eEye Retina

ISS Wireless Scanner

GFI LANguard Network Security Scanner (N.S.S)

For any information or for a demo/evaluation of any of the scanners, please call 01782 720229 or email info@dayzerosecurity.com