Scan rules are defined in add-ons so they can be updated and published whenever they are improved. However this may be less frequently than you might expect, and there are good reasons for that. Some security tools focus on finding known vulnerabilities in known applications. New vulnerabilities are being found all of the time so the rules for these tools need to be frequently updated. These rules are often quite simple, they just need to detect that you are running a specific version of an a...
