Limit cache age for Security Scan

[tflidd]

When users run a security scan of their setup (often after upgrades), they tend to find rather old results from the last time their host was scanned. The small greyed out testing date can be easily missed and people start to doubt about their setups.

There was a discussion on the forum, if you can't just remove old scan results and redo new scans? There isn't any sense in showing such old result (up to a year) or is there?

[isdnfan]

scan results should be invalidated after reasonable time (is there any advantage to keep them for long time?)
.. and ideally existing results dynamically change with software development e.g. system using version X with some rating degrades once X+1 is shipped (if dynamic change is too much simple invalidation of the scan DB on every release does the job too - by forcing new scan..)