This Report focuses on vulnerability assessment tools, which this Report defines as: automated tools the primary purpose of which is to:
- Proactively detect vulnerabilities in elements of deployable or deployed information systems and/or networks before those vulnerabilities are exploited (by contrast with tools that are used to forensically analyze such systems/networks after an intrusion or compromise);
- Analyze all detected vulnerabilities to assess their potential impact on the security posture of the system/network element in which the vulnerabilities are found, and quantify the level of risk that impact poses on the overall system/network.
Download PDF: http://iac.dtic.mil
- Proactively detect vulnerabilities in elements of deployable or deployed information systems and/or networks before those vulnerabilities are exploited (by contrast with tools that are used to forensically analyze such systems/networks after an intrusion or compromise);
- Analyze all detected vulnerabilities to assess their potential impact on the security posture of the system/network element in which the vulnerabilities are found, and quantify the level of risk that impact poses on the overall system/network.
Download PDF: http://iac.dtic.mil
