Would you consider a non-invited vuln scan of your asset - in which the vuln scan must fire an exploit in order to understand vuln status (so not like a passive version check, must interact) - from a “known scanning service” benign or malicious?
If I leave my door unlocked and you come into my house, I don’t thank you for letting me know my door was unlocked.
@lorddimwit ooo I love this
@lorddimwit @ntkramer what if you did lock your house and I show you a door with no lock on it you didn't even know existed before?