binaryedge / 40fy

Features and development of the 40fy SaaS

add tag "vulnerable" to certain scans/services, if possible #18

Closed zer010bs closed 5 years ago

zer010bs commented 5 years ago

like:

It will be highly manual, but can give huge value for orgs monitoring their own datacenters OR the datacenters in their supply chain.

Seanstoppable commented 5 years ago

Largely from Slack: Wondering what 'vulnerable' is supposed to mean. A DB exposed in and of itself isn't 'vulnerable', is it? In most cases a bad idea, sure. Even a DB/service with a specific version that maps to a CVE from the outside isn't necessarily vulnerable, since security patches can be backported and the reported version doesn't change (i.e. Red Hat). At time 0, highly accurate, but as patches are released for platforms, the FP rate increases. Also, depending on who sees the results, 'vulnerable' tends to trigger defensive/angry conversations, more so than open discussion. Pointing out that something does map to one or more CVEs, to prompt more discovery, seems more useful. No judgement about 'vulnerable' is being passed here, just that there is more to evaluate.

zer010bs commented 5 years ago

There is certainly a tradeoff, esp. for automated tagging.

But for stuff like scans on demand or manually executed scans like the pulse/fortifail scans, that would help, esp. when monitoring one's own ASN for dirty stuff. That was what I had in mind.

Seanstoppable commented 5 years ago

I think your idea makes sense, and am just suggesting different verbiage that I think applies to a wider selection of audiences and use cases.
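Added example, not code from the 40fy project or from either commenter: a small tagger that implements the distinction both comments circle around. A reachable service is tagged `exposed`; a banner whose version falls inside an advisory range is tagged `maps-to:<advisory>` rather than `vulnerable`, with a `backport-possible` tag and a note when the banner carries a distribution suffix (the backported-patch case raised above); `vulnerable` is emitted only when a manual or on-demand scan has confirmed it, which is the manual workflow the issue proposes. The advisory ids, version ranges, banner regexes and distro markers are constructed for the demo and are not real CVE data.

```python
import re
from dataclasses import dataclass, field

# Constructed lookup: product -> list of (advisory id, first affected, last affected).
# The ids are placeholders, not real CVE numbers; the ranges are invented for the demo.
ADVISORIES = {
    "openssh": [("ADVISORY-PLACEHOLDER-1", (7, 0), (7, 4))],
    "mysql":   [("ADVISORY-PLACEHOLDER-2", (5, 5), (5, 6))],
}

# Banner fragments that mark a distribution-packaged build, where fixes are
# commonly backported without bumping the upstream version string (assumed list).
BACKPORT_MARKERS = ("debian", "deb", "ubuntu", ".el")

# Assumed banner shapes; only the major.minor and an optional vendor suffix are used.
BANNER_PATTERNS = {
    "openssh": re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p\d+)?(?:\s+(\S+))?"),
    "mysql":   re.compile(r"^(\d+)\.(\d+)\.\d+(?:-(\S+))?"),
}


@dataclass
class ServiceTags:
    tags: list = field(default_factory=list)
    notes: list = field(default_factory=list)


def parse_banner(product, banner):
    """Return ((major, minor), suffix) or None when the banner does not parse."""
    pattern = BANNER_PATTERNS.get(product)
    if pattern is None:
        return None
    m = pattern.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2))), (m.group(3) or "")


def tag_service(product, banner, confirmed_by_manual_scan=False):
    """Tag one observed service. Automated matching never produces 'vulnerable'."""
    result = ServiceTags(tags=["exposed"])  # reachable from the outside, nothing more
    parsed = parse_banner(product, banner)
    if parsed is None:
        result.notes.append("banner not recognised; no version mapping attempted")
        return result
    version, suffix = parsed
    backport_build = any(marker in suffix.lower() for marker in BACKPORT_MARKERS)
    for adv_id, first, last in ADVISORIES.get(product, []):
        if first <= version <= last:
            result.tags.append(f"maps-to:{adv_id}")
            if backport_build:
                # Distro build: the upstream version may be patched without changing.
                result.tags.append("backport-possible")
                result.notes.append(
                    f"{adv_id}: distro build '{suffix}' may carry a backported fix; verify before acting"
                )
            else:
                result.notes.append(
                    f"{adv_id}: version match only, not a confirmed exploitability finding"
                )
    if confirmed_by_manual_scan:
        # Only a human-driven, on-demand check is allowed to assert this tag.
        result.tags.append("vulnerable")
    return result


if __name__ == "__main__":
    # Constructed sample banners.
    for product, banner in [
        ("openssh", "SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7"),
        ("openssh", "SSH-2.0-OpenSSH_7.4"),
        ("openssh", "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5"),
        ("mysql", "5.5.62-0+deb8u1"),
    ]:
        print(product, banner, "->", tag_service(product, banner).tags)
```

The `backport-possible` tag is the part worth keeping even if the rest is replaced: it turns the "FP rate increases over time" observation into a visible attribute, so someone monitoring their own ASN can triage distro-packaged hits separately from upstream builds.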