stanford-rc/globus.stanford.edu

MinSec Check: Applications: Vulnerability Management

Closed this issue · 0 comments

In MinSec for Applications, the Vulnerability Management item has the following:

Perform a monthly Qualys application scan. Remediate severity 4 and 5 vulnerabilities within seven days of discovery and severity 3 vulnerabilities within 90 days.

For Globus Connect Personal, this does not apply, because only outbound connections are made. No inbound ports are opened, so there's no way for Qualys to get in to check anything.

For Globus Connect Server, this does apply, but it can't be addressed technically. The best we can do is to tell people to either do the scan themselves, or to talk to their ISO Consultant or their LNA for assistance.