This release is a product update.
- Content updates include new checks for vulnerabilities, patch verification, and compliance with security policies.
- Product updates include performance improvements, bug fixes, and new features.
Report improvements for PCI DSS Version 1.2
- The product calculates all severity ratings according to PCI DSS Version 1.2 specifications, so that Approved Scanning Vendors (ASVs) can be confident of the accuracy of these ratings.
- The PCI Executive Summary and Vulnerability Details reports now include more detailed application information about scanned Web sites that are vulnerable to cross-site scripting and SQL injection, making reports more informative about these high-risk security issues.
- The PCI Executive Summary and Vulnerability Details reports are now more comprehensive, providing information on running services discovered during scans.
- The PCI Executive Summary report now provides a consolidated remediation plan for each scan target, eliminating redundancies and making reports easier to read.
- PCI reports now include an exception note for denial-of-service (DoS) vulnerabilties indicating that they are marked as compliant, as dictated by PCI v1.2 standards.
Vulnerability exclusion bug fix
- When you mark for exclusion a specific instance of a vulnerability that has been flagged multiple times on a given asset, the product only applies the exception to that asset, correcting an issue that previously affected other assets with the same vulnerability.
Expanded documentation for removing the program for reinstallation
- The Software Installation and Quick-start Guide now includes an additional step in the process for removing the product software to help make reinstallation work more smoothly. You can download the guide on the Support page of Help.