Root, aha! We've finally uncovered the root of the problem. (Sorry. I can't help myself. It's Friday afternoon.)
While Qualys' TLS scanner is a top-notch tool that I use regularly, their "security scanner" is sadly not. They have built a tool that checks version numbers. This is not ideal, because the clear majority of Linux systems do not do wholesale version updates but instead backport specific security fixes:
https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions
https://www.debian.org/security/faq#version
https://wiki.centos.org/FAQ/General#head-3dad8cb98ac535185e58e882a23ca4b096cbff2f
https://access.redhat.com/security/updates/backporting
These sorts of security scanners would be more useful if everyone built their entire systems from scratch.
Anyway, please ask Qualys to consider consuming our OVAL data:
https://people.canonical.com/~ubuntu-security/oval/
or parsing our database directly:
https://git.launchpad.net/ubuntu-cve-tracker
Both of these approaches would give better results. (There are tradeoffs involved. They are welcome to contact us at <email address hidden> if they would like to discuss the tradeoffs.)
Thanks