I haven't yet seen anything in this Community forum that gets this specific, hence me posting this.
I'd like to build a Search List & Option Profile that allows for the non-authenticated/remote discovery only of any/all OpenSSL related vulnerabilities. Currently, I have a dynamic Search List that has these criteria only:
- Discovery Method - Remote Only
- Product - openssl
As of 6/9/14 this produces 26 total QIDs. However, I'm finding that some CVEs are missing. Is there a more comprehensive way of creating an all-inclusive OpenSSL search list? Is "Vendor" an important criteria (I currently have set to "All")?