n South African Computer Journal - Evaluating vulnerability scanners using harmonised vulnerability categories : research article

Volume 2003, Issue 31
  • ISSN : 1015-7999
  • E-ISSN: 2313-7835



The focus of this paper is to give an overview of current vulnerability detection and vulnerability scanner (VS) products. Since each VS product available on the software market today is developed by a separate vendor, there are significant differences in these VS products. Some VS products can detect more vulnerabilities than others. Some VS products can detect certain vulnerabilities while other VS tools may detect different vulnerabilities. Furthermore, the modus operandi of exactly how vulnerabilities are detected may also differ from one VS product to another. Due to these issues it is difficult to study the differences between these VS products especially when an organisation has to choose which VS product is the right one for their needs. This paper will attempt to point out the differences between some VS products available today by using the concept of harmonised vulnerability categories. These harmonised vulnerability categories attempt to represent the entire population of vulnerabilities as currently known. One of the advantages of using these harmonised vulnerability categories, for example, is to point out whether or not a specific VS product is able to detect specific kinds of vulnerabilities. This paper, therefore, shows salient results of how harmonised vulnerability categories can be used as an evaluation tool for VS products.

Loading full text...

Full text loading...


Article metrics loading...


This is a required field
Please enter a valid email address
Approval was a Success
Invalid data
An Error Occurred
Approval was partially successful, following selected items could not be processed due to error