VulnDetect: Status
-
@snorre I can't give you any very exact estimates on the state of the product going forward.
Now we have been in "Tech Preview" for 3 months, and I believe that we are ready for (early) Alpha next week. We presume that Alpha will be the right label for at least a couple of months, perhaps even to the end of the year.
And Beta quality should be realistic before the end of the year. Once we reach Beta, I think it is viable for most users, except the most novice.
When it comes to labeling the solutions as Alpha / Beta we like to believe that we are leaning towards the conservative side, but I'll let you be the judge of that.
-
First i want to express that I like your work very much. As PSI, my favored personal security update assistant died, I was looking for a good alternative very long. VulnDetect (Carma) looks like it has the chance to be this product.
Therefore I would like to ask some questions about further development.
Do you have a time schedule or a roadmap where we can see how your further progress is planned?
Is there an estimated date when the product will be in a state where "normal" private users can install?
Which states are planned (alpha / beta / GA) and when?Thanks for your work to help users to become less vulnerable!
-
This has been a great week. We have achieved a lot in terms of development, testing and generating content / rules.
And we expect to release the first Tech Preview on Tuesday (8th of May).
This is, as I have promised before, a very early stage of the product.
You will be able to install it.
It will scan your system and find around 20 of the most common programs on your Windows desktop.
You should note, that there is no direct communication between the user interface and the agent. This is very unlike the PSI, which was a local program, that talked directly to the agent and could do "live" scans. This will be changed, but it is a low priority and will not be made before later this year.
Also, patching, or auto updating, is not due to be implemented before around August, give or take a bit.
In the first two or three weeks (maybe more), you should not rely on it to provide a reliable reporting of Safe / Unsafe programs.
But we need you to install it anyway, so we get data to generate new rules from. And we will work to improve rules and reporting everyday, from now on.
And remember, we do read all the posts and comments here on https://vulndetect.org - but we are not anywhere near being able to implement all the great ideas and feedback you have provided, yet. (but keep posting)
-
@vulndetect That is really good news, as I don't know of any scanner that was as good as Secunia PSI, and I'm holding out rather than going with a different one.
-
Stay tuned, we are almost ready for a tech preview. All the bits and pieces has been stitched together and we are running the first internal tests of the full setup. All looking good so far. Mostly lacking content.
-
Another very busy week.
And we are getting so close to a tech preview, we can literally taste it. Unfortunately, we won't be able to release today.
However, we are looking for 10 tech savvy volunteers who wants to test the very first preview (most likely) next week.
What you can expect as an early tech previewer:
- A raw command line install
- Detection of only a handful of software
- No patching
- Your data and account will (most likely) be deleted before we go to a public tech preview
By doing this, you will help us tremendously, as we can root out some early bugs and start adding more rules to detect software, based on your actual installations.
As you can sense, there is still a far way, before we have a product, that is as mature as the PSI 2 was, but we are listening to all the great wishes that have been posted here at vulndetect.org or received via email and we are piecing together a roadmap that we will be working on, once we got the fundamentals in place.
Please write directly to tom at vulndetect dot com to be one of the select 10 initial testers.
-
We've been aiming hard for a tech preview next week, coincidently, the 20th April, which happens to be the EoL date for the Secunia PSI.
I'm afraid we may miss it by a week, but we are making a lot of progress and will keep you posted.
Stay tuned.
-
Sometimes progress seems too slow. But the part about processing collected data and getting the rules right is essential to ensure accurate results, while we also must allow future performance optimizations.
We got a few breakthroughs in the past two weeks and we believe that we have a solid framework for this now, but we still have a lot of work to do.
We also got a bit further with the UI, the registration process, and some work on the infrastructure.
We expect to make the first (internal) test deployment in about a weeks time.
So a tech preview or early alpha still seems to be within range, before the Secunia PSI reaches End-of-Life.
We appreciate all the feedback we got so far, both via email and here on the forum. Feel free to write to us or post here.
-
Working hard on the processing of the collected data and the initial matching with data on products.
This is work in progress and will continue into next week.
We also started work on the UI.
The new forum setup on EC2 and the upgrade to NodeBB version 1.8.1 is ready and will be rolled out tomorrow, a default high TTL on DNS prevented us from doing it this afternoon, without unnecessary downtime.
-
Várom az alfa verziót: