Forum Discussion
Security End-of-Life Plugins Target Release Date Immediate...
This is going to cause us a lot of issues and will greenwash our environment - i.e. make our vulnerability state look much better than it would otherwise be.
Especially because individual vulnerabilities will get rolled up into a single SEoL plugin.
I don't understand why the severities are going to default as informational? If a product is out of support the community has to assume the worst - i.e. the product is vulnerable to unknown vulnerabilities.
I'm going to have to now continually work out any new SEoL plugins and recast them to Critical. I wouldn't be annoyed if I could do a filter on recasts, such as any plugin name that contains SEoL recast as critical, but I can't even do that...
Please give us an opt-out option or invest in the recast usability; this is such an awful update.
Thank you for your input. As a trusted partner, we are aware of the impact our products can have on customer operations and hence are extremely mindful when making any updates. Please be assured that current EoL (“Unsupported”) plugins will remain at the same severity in the new framework. For net-new SEoL coverage that we will add in the future, defaulting to an INFO level severity is a step towards providing data-driven risk guidance for this vulnerability category. Plugins will start off with INFO severity, but Tenable will update severities as we deem appropriate based on various factors.
We are exploring a future state where SEoL plugin severities scale proportionally to their real-time risk, powered by Tenable’s rich vulnerability intelligence capabilities. For more information, please refer to the blog post accompanying this release.
The goal of publishing SEoL detection plugins by version branch, where applicable, is to provide more granular visibility into their timeliness and allow for atomic risk assessment.
Please open a Suggestion in Tenable’s Suggestion portal for enhanced recast functionality. Depending on your product, there may be related topics with other customer sponsorship, such as Suggestion ID IOCORE-I-63. Doing so will empower you to track Suggestions as they progress through their status lifecycle.
We are not changing our strategy for coverage of CVEs as they relate to the SEoL plugin.