Reply to post:

Verizon: Just 25% of global businesses comply fully with the Payment Card Industry Data Security Standard


1) It's possible to fingerprint a network service besides just reading the version string to better identify if there are any outstanding vulnerabilities.

2) Most exploits do not need to damage the services or systems.

3) The whole point of a security scan is for the good guys to identify problems before the bad guys do. If that means causing a DoS incident to a customer to prove they are running running vulnerable software, that's a much cheaper

4) Customers can schedule security scans, so off-hours, maintenance windows are easily selected.

5) The cost of widespread credit card fraud is quite significant, too. A company could make a whole business model out of being more secure, and giving their customers lower fees or better rewards due to the decreased fraud from vulnerable companies.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon