Version 5 of OpenVAS vulnerability scanning and management tool arrives
The OpenVAS project development team has announced the release of version 5 of its open source vulnerability assessment system. According to its developers, the major update focuses on simplifying daily use of the vulnerability scanning and management tool, and brings 20 new features, including "asset management" which adds a second view of scan results. This allows users to review these results for any selection of IP devices on a network.
Version 5 of the OpenVAS software framework introduces support for individual user settings including time zones, and has delta reports so that users can analyse the differences between two scan results. Access to SCAP information (CPE, CVE) has been added to the Security Information Database and can be updated via a feed service. Other changes include the ability to sort results by CVSS score and support for using an SSH key pair for SSH authentication. The developers also note that, as of this month, there are now more than 25,000 free Network Vulnerability Tests (NVTs) available.
A full list of new features can be found in the official release announcement. Source code and binaries for OpenVAS-5 are available to download from the project's site; at the time of writing, the Virtual Appliance has yet to be upgraded to version 5. OpenVAS is licensed under the GPLv2 or later, and is sponsored by German IT firm Greenbone Networks and the German Federal Office for Information Security (BSI).