Is VulnDetect dead?

Armin

Dear VulnDetect team,

I am following the forums for two years now but the last months not much happened here.
Only the user @OLLI_S is posting a lot, but that's it.

If I look at the Feature and Functionality Requests then not much was
implemented the last months.

There are suggestions that increase the security of my system:

• Additional Status for Update Available
• Threat Level

But these are not implemented yet (making my system unsafe).

There are also some very basic suggestions like:

• Column-Headers
• Allow to Sort the Columns
• Export List of Applications (to print it or to analyse it in Excel)

Also not implemented yet (although they are basic).

So my serious question is: Is the project still active?
Is VulnDetect still being developed?
Do you have financial problems and have to work on other projects to earn enough money?

You have to add more features and make the progress more transparent to users.
You should write what features you have implemented and what features you are currently working on.

Best regards

Armin

Tom

Hi Armin,

Thank you for your concern.

We have made a lot of progress, except in the UI in the Personal. Most improvements have been in the backend and in the UI of the Corporate.

And every day we update software detection rules, update packages, update the security state of detected apps, and we add new detections and new packages.

So VulnDetect is by no means dead, but yes, I have to admit that we haven't been active here and that we haven't communicated about the backend progress there has been, which has positively affected the Personal edition of VulnDetect.

Some of these improvements for the Corporate edition are in the pipeline for the Personal edition.

In short, VulnDetect is alive and being maintained, and it is our only project. However, we are "behind" with the Personal edition.

Any and all relevant backend changes, as well as all updated and new software detection rules are available at the same time, for both the Personal and the Corporate edition.

You can also see the (now) updated changelogs:
https://vulndetect.org/category/1/announcements

GregAlexandre

@Tom
Hi,
I had the same question as Armin.
I am glad to read that Vulndetect is still alive.
I did not see something younger than one year in https://vulndetect.org/category/1/announcements

Regards.

Tom

@GregAlexandre It is because we update the original post, if you click the two top ones, then you will see all the changelog entries.

Armin

Thank you @Tom for your answer.
 
I see that you are working on your detection rules and add some requested apps.
And that you enhanced the UI for business users.
But for me - a personal user - it is very frustrating and unsatisfying to see no progress.
 
So many features could be added easily (and maybe are already present in the business UI).
 
For example, the Status for “Update Available”.
When I expand an entry then I see at some entries the “Recommended version” so you already have the information that there is a new version available.
Currently I have to expand all my entries (there are unfortunately no counters so I can not tell you how many entries I have) to see the “Recommended version” (to see if there is a new version of the application available.
So VulnDetect is absolutely useless under the aspect that it tells me when there are new versions of my installed applications available.
I really hope that this feature is implemented soon.
 
The suggestion “List of Applications - Improved UI” is also a feature I would love to see (wrote this in Sept. 2018).
There I see the “Update Available” status and a clear separation between vulnerable apps and apps without vulnerabilities. This points out the importance of updating vulnerable apps.
 
It should also be easy to add Column-Headers and make the columns sortable.
 
There are so many suggestions here in the forums but many of them are still missing and not even started.
@OLLI_S Maybe you update the status of the suggestions so we see what features are available in the business UI and will be released soon in the personal UI as well.
You have to be more transparent and listen to the community.
 
I really hope we see some updates in the personal UI soon.
 
Best regards
 
Armin

OLLI_S

@Tom Should I update the feature requests, that are available in the Business UI with "Work in Progress"?

Armin

I receive the weekly Digest for the forums by email.

If I look at the last 2 weeks, then no user of the group "VulnDetect Employees" posted a reply (neither @Tom nor @VulnDetect).
These are the only users in the group "VulnDetect Team Member" where I see the description "VulnDetect Employees".

I saw many posts from @OLLI_S but this user is in the group "Community Moderator" (description "Trusted members who has been assigned special privileges").
So I assume that @OLLI_S is a user like me that just has special privileges.

So I really wonder what is wrong here.
When an official "VulnDetect Team Member" is not replying for 2 weeks (also not in this post here).
This is sad, very sad,

Maybe @Tom should be more active here in the forums.

OLLI_S

@Armin Yes, I am a "normal" user that helps making the project a really cool and awesome tool.

I know that @Tom and the others of VulnDetect are working on new features (mainly for the business UI but we private users also benefit from then).
There are many rules that must be kept up-to-date, many security news must be read, vulnerability-informations must be collected and updates for applications must be packaged (some apps can be updated by VulnDetect with one mouse click).

You also should know that I am in personal contact with @Tom nearly every day (Telegram chat) so he is really alive and working hard on the project.
He just needs to make the process a bit more transparent.
And he should look in the forums more often and answer postings.
I am going to tell him and kick his lazy butt (he sometimes needs that ).

Tom

@Armin I agree with you, I really should.

I have come into a very bad habit of relying on OLLI to send me messages on Telegram and responding to him. I really should move the communication here and start replying to all.

OLLI_S

@Tom You should solve the detection issues and add requested apps....

GregAlexandre

@Tom : May I suggest that you also put the date for latest release of the agent in title of the relevant pinned post in "Announcement".
As prefix ?
Regards.

Tom

@GregAlexandre Good idea.
I suffixed it, so it is consistent with the other changelog.

https://vulndetect.org/category/1/announcements

Is this good enough?

OLLI_S

@Tom Should I update the feature requests, that are available in the Business UI with [Work in progress] or with any other text (like [Partly Implemented] )?

Tom

@OLLI_S If you wish, then I suppose that is a good idea. The only issue is that we may not implement all changes in the personal. But feel free.

GregAlexandre

@Tom : Great as usual

Armin

I am surprised (and very disappointed) that the feature "Additional Status for Update Available" (https://vulndetect.org/topic/492/additional-status-for-update-available) is not yet implemented or has at least the status "Work in progress".
Seems like the guys at VulnDetect are busy with other stuff that has not such a great benefit than that feature.
This is very very sad!