Has there been research/analysis on the use of vulnerability scanning ecosystems as a point of compromise into a network?
Specifically -- for enterprises using authenticated scanning -- the vulnerability scanning ecosystem becomes a trusted entity which, by design, is launching invasive tests with admin/root privileges. These tests, while designed to be as minimally invasive as possible, could be altered to be malicious if an attacker compromised the scanning ecosystem itself (in theory). How do organizations get around this inherent security risk related to enterprise-wide authenticated scanning?