Show Reason for Unsafe Status
In VulnDetect you show the status "Unsafe" but this can have different reasons:
- User has an older version installed that has known vulnerabilities (user has to update)
- User has the actual version installed but there are still open vulnerabilities (user cannot do anything here)
It would be useful if you showed why an application is unsafe.
For users it is important to know if they can do anything or not.
So they need to know "Your app is up-to-date but still has vulnerabilities".
Otherwise I have 5 apps with the status "unsafe" although they are all up-to-date (and I don't understand this and blame VulnDetect).
@gregalexandre If this makes too much noise in the Detection Issues and Suggestions category, then we will consider making a new category for such issues. But for now, feel free to discuss this in Detection Issues.
GregAlexandre last edited by
May I suggest having a forum on how to safely remove unsafe versions that are left behind?
For instance, I have many unsafe 7-Zip versions left in InstallShield data, which were probably left by installations that do not clean up correctly. I am almost sure these 7-Zip executables can be deleted without harm, but discussing this subject could help me and others (and help make VulnDetect known by having these solutions referenced by search engines).
This will affect many applications, also applications that were already patched but for which no info about the fixed vulnerabilities is available.
So this would definitely help the user.
report on programs with security vulnerabilities for which a patch is not yet available (zero-days). This should be categorized separately from other things (patches available or bugfix/feature updates).
Suggested by @CTaylor
Glad that you like this idea!
Yes, I agree. The UI is something we will work with soon. And this is also something that needs to be communicated better.