Reasons for Vulnerability Exceptions

A vulnerability exception can exist due to any of the following reasons:
· False positive - You may want to exclude false positives reported by Nexpose. A false positive occurs when a vulnerability scanner reports a vulnerability that does not exist.
· Compensating control - You may want to exclude vulnerabilities whose risks have been mitigated. For example, if a vulnerability exists on a device that has a firewall in place, an organization may determine that the firewall provides enough protection and treat the vulnerability as a minimal threat.
· Acceptable use - You may want to create an exception for vulnerabilities that are part of organizational practices.
· Acceptable risk - You may want to exclude low-risk vulnerabilities. These vulnerabilities tend to pose minimal security risk, and remediating them is likely to consume more resources than it is worth.