VulnDetect: Status


  • VulnDetect Team Member

    At this point, we believe that we have developed approx. 80% of the core functionality, this includes:

    • Binary to collect data on the client system
    • Scheduling of the binary
    • Data collection and parsing from the binary
    • Authentication and account management
    • Backend for curating data about software and vulnerabilities
    • Infrastructure

    ToDo:

    • Processing of the collected data / matching with the curated data
    • UI
    • Optimisation and testing of the binary
    • Curating data

    And loads of more stuff, but first we need to finish the above and get an alpha version out to you.

    /Tom


  • administrators

    This has been a great week. We have achieved a lot in terms of development, testing and generating content / rules.

    And we expect to release the first Tech Preview on Tuesday (8th of May).

    This is, as I have promised before, a very early stage of the product.

    You will be able to install it.

    It will scan your system and find around 20 of the most common programs on your Windows desktop.

    You should note, that there is no direct communication between the user interface and the agent. This is very unlike the PSI, which was a local program, that talked directly to the agent and could do "live" scans. This will be changed, but it is a low priority and will not be made before later this year.

    Also, patching, or auto updating, is not due to be implemented before around August, give or take a bit.

    In the first two or three weeks (maybe more), you should not rely on it to provide a reliable reporting of Safe / Unsafe programs.

    But we need you to install it anyway, so we get data to generate new rules from. And we will work to improve rules and reporting everyday, from now on.

    And remember, we do read all the posts and comments here on https://vulndetect.com - but we are not anywhere near being able to implement all the great ideas and feedback you have provided, yet. (but keep posting)



  • @vulndetect That is really good news, as I don't know of any scanner that was as good as Secunia PSI, and I'm holding out rather than going with a different one.


  • administrators

    Stay tuned, we are almost ready for a tech preview. All the bits and pieces has been stitched together and we are running the first internal tests of the full setup. All looking good so far. Mostly lacking content.


  • VulnDetect Team Member

    Another very busy week.

    And we are getting so close to a tech preview, we can literally taste it. Unfortunately, we won't be able to release today.

    However, we are looking for 10 tech savvy volunteers who wants to test the very first preview (most likely) next week.

    What you can expect as an early tech previewer:

    • A raw command line install
    • Detection of only a handful of software
    • No patching
    • Your data and account will (most likely) be deleted before we go to a public tech preview

    By doing this, you will help us tremendously, as we can root out some early bugs and start adding more rules to detect software, based on your actual installations.

    As you can sense, there is still a far way, before we have a product, that is as mature as the PSI 2 was, but we are listening to all the great wishes that have been posted here at vulndetect.com or received via email and we are piecing together a roadmap that we will be working on, once we got the fundamentals in place.

    Please write directly to tom at vulndetect dot com to be one of the select 10 initial testers.


  • administrators

    We've been aiming hard for a tech preview next week, coincidently, the 20th April, which happens to be the EoL date for the Secunia PSI.

    I'm afraid we may miss it by a week, but we are making a lot of progress and will keep you posted.

    Stay tuned.


  • administrators

    Sometimes progress seems too slow. But the part about processing collected data and getting the rules right is essential to ensure accurate results, while we also must allow future performance optimizations.

    We got a few breakthroughs in the past two weeks and we believe that we have a solid framework for this now, but we still have a lot of work to do.

    We also got a bit further with the UI, the registration process, and some work on the infrastructure.

    We expect to make the first (internal) test deployment in about a weeks time.

    So a tech preview or early alpha still seems to be within range, before the Secunia PSI reaches End-of-Life.

    We appreciate all the feedback we got so far, both via email and here on the forum. Feel free to write to us or post here.


  • administrators

    Working hard on the processing of the collected data and the initial matching with data on products.

    This is work in progress and will continue into next week.

    We also started work on the UI.

    The new forum setup on EC2 and the upgrade to NodeBB version 1.8.1 is ready and will be rolled out tomorrow, a default high TTL on DNS prevented us from doing it this afternoon, without unnecessary downtime.



  • Várom az alfa verziót: