OpenVAS Quality of Detection (QoD)
What is Quality of Detection (QoD) in OpenVAS scans?
For OpenVAS, Quality of Detection (QoD) describes the reliability of a vulnerability detection on a scale from 100% (most confident) to 0% (least confident).
Why is QoD Useful?
QoD is useful for filtering false positive vulnerabilities. A test with a lower QoD is more likely to create false positives. Generally, results with a QoD of 70% or higher are reliable, and those below are more likely to be false positives.
What QoD filtering should I use?
There is no setting that is best for everyone. The right minimum QoD threshold will depend on the systems being scanned and your tolerance for false positives vs complete results. A common cause of false positives is open source software backporting security fixes to older package version numbers. If you are running Linux distributions with many backported fixes, you may see a higher rate of false positives from low QoD tests.
The default QoD is 70%. However, it can be helpful to run a scan at 0%, which will show you all possible findings. You can then review those findings to determine what level is best for your use case. Note: after you lower your OpenVAS QoD setting in HostedScan, you will need to rescan with OpenVAS to discover all of the lower QoD findings.
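One way to do that review offline, as an added example that is not HostedScan or Greenbone code: it counts how many findings from a 0% scan would remain at each candidate minimum QoD and lists the ones a 70% threshold would hide. It assumes the results were exported in the GVM XML report layout, where each result carries a qod/value element; the sample report and its finding names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the GVM XML report layout (assumed export format).
SAMPLE_REPORT = """<report><results>
  <result><name>CMS plugin outdated (constructed)</name><host>10.0.0.5</host>
    <severity>9.8</severity><qod><value>30</value></qod></result>
  <result><name>SSH banner version (constructed)</name><host>10.0.0.6</host>
    <severity>7.5</severity><qod><value>30</value></qod></result>
  <result><name>Weak TLS cipher (constructed)</name><host>10.0.0.5</host>
    <severity>5.0</severity><qod><value>70</value></qod></result>
  <result><name>Web server version (constructed)</name><host>10.0.0.7</host>
    <severity>6.1</severity><qod><value>80</value></qod></result>
  <result><name>Missing package update (constructed)</name><host>10.0.0.6</host>
    <severity>8.1</severity><qod><value>97</value></qod></result>
  <result><name>Service note (constructed)</name><host>10.0.0.7</host>
    <severity>0.0</severity><qod><value>1</value></qod></result>
</results></report>"""

def load_findings(xml_text):
    """Return (name, host, severity, qod) tuples; skip results without a numeric QoD."""
    findings = []
    for r in ET.fromstring(xml_text).iter("result"):
        qod = (r.findtext("qod/value") or "").strip()
        if not qod.isdigit():
            continue
        severity = float(r.findtext("severity", "0") or 0)
        findings.append((r.findtext("name", ""), r.findtext("host", ""), severity, int(qod)))
    return findings

def threshold_table(findings, thresholds=(0, 30, 50, 70, 80, 95)):
    """For each candidate minimum QoD, count the findings that would still be shown."""
    return {t: sum(1 for f in findings if f[3] >= t) for t in thresholds}

def dropped_between(findings, low, high):
    """Findings visible at `low` but hidden at `high`, highest severity first."""
    hidden = [f for f in findings if low <= f[3] < high]
    return sorted(hidden, key=lambda f: -f[2])

if __name__ == "__main__":
    found = load_findings(SAMPLE_REPORT)
    for t, n in threshold_table(found).items():
        print(f"min QoD {t:>3}%: {n} findings")
    print("Hidden by the 70% default, review by hand:")
    for name, host, sev, qod in dropped_between(found, 0, 70):
        print(f"  {sev:>4} QoD {qod:>2}%  {host}  {name}")
```

High-severity entries in the hidden list are the ones worth verifying manually, for example against the distribution's backport status, before settling on a threshold.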
How can I improve my detections?
Many vulnerability detections, like WordPress and WordPress plugin vulnerabilities, are detected at a lower threshold of QoD. Lowering QoD will create more detection results but at the cost of more false positives. In the case of a WordPress site, a lower QoD, for example, 30%, may be appropriate.
Where can I change the QoD for my HostedScan account?
If you already have an account, you can change the QoD on your account settings page.
If you would like to try out OpenVAS with different QoD settings, you can start a free trial below. By default, we run the OpenVAS scanner with a 70% QoD.
OpenVAS Online Scan
Safeguard your business through continuous, up-to-date vulnerability scanning.
Where can I learn more about OpenVAS QoD?
For detailed information about the different QoD levels, the Greenbone documentation provides additional breakdowns of the levels and the type of detection they map to. See their OpenVAS/GVM documentation.