Thread: [ADMIN] Postgres vs EnterpriseDB Vulnerability scans with Nessus

[ADMIN] Postgres vs EnterpriseDB Vulnerability scans with Nessus

From
"Goldsmith, Christopher [ASM Research]"
Date:

We are using Nessus Version: 5.5.0 to run Vulnerability scans of our EnterpriseDB 9.5.x instances and Nessus is using up-to-date Postgres audit file / policy / definitions.

 

Is there anyone here that uses the EnterpriseDB fork of Postgres and can confirm if EnterpriseDB and Postgres are close enough that the results are valid and can be trusted?

 

Our need for all this is to meet Federal audit requirements.



The information contained in this message may be privileged and/or confidential and protected from disclosure. If the reader of this message is not the intended recipient or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by replying to this message and deleting the material from any computer.

Re: [ADMIN] Postgres vs EnterpriseDB Vulnerability scans with Nessus

From
Joe Conway
Date:
On 06/30/2017 09:29 AM, Goldsmith, Christopher [ASM Research] wrote:
> We are using Nessus Version: 5.5.0 to run Vulnerability scans of our
> EnterpriseDB 9.5.x instances and Nessus is using up-to-date Postgres
> audit file/ policy / definitions.
>
> Is there anyone here that uses EnterpriseDB fork of Postgres and can
> confirm if the EnterpriseDB and Postgres are close enough that the
> results are valid and can be trusted.

EDB is a proprietary fork with unknown modifications (i.e. we on this
list don't have access to their source code), thus I think only EDB can
answer that question. You should be asking them.

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development



Re: [ADMIN] Postgres vs EnterpriseDB Vulnerability scans with Nessus

From
"Goldsmith, Christopher [ASM Research]"
Date:
I also have the same question in via a support case with EDB; I was asking here to cover all bases.

-----Original Message-----
From: Joe Conway [mailto:mail@joeconway.com]
Sent: Friday, June 30, 2017 3:45 PM
To: Goldsmith, Christopher [ASM Research] <christopher.goldsmith@asmr.com>; pgsql-admin@postgresql.org
Subject: Re: [ADMIN] Postgres vs EnterpriseDB Vulnerability scans with Nessus

On 06/30/2017 09:29 AM, Goldsmith, Christopher [ASM Research] wrote:
> We are using Nessus Version: 5.5.0 to run Vulnerability scans of our
> EnterpriseDB 9.5.x instances and Nessus is using up-to-date Postgres
> audit file/ policy / definitions.
>
> Is there anyone here that uses EnterpriseDB fork of Postgres and can
> confirm if the EnterpriseDB and Postgres are close enough that the
> results are valid and can be trusted.

EDB is a proprietary fork with unknown modifications (i.e. we on this list don't have access to their source code),
thus I think only EDB can answer that question. You should be asking them.
 

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development


