IETF Logo Mail Archive

Re: [sacm] Hackathon Goals and Stretch Goals

Tim Harrison <timothy.harrison.0@gmail.com> Tue, 16 May 2017 03:33 UTC

Return-Path: <timothy.harrison.0@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78556129AC4 for <sacm@ietfa.amsl.com>; Mon, 15 May 2017 20:33:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.448
X-Spam-Level:
X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z-ioOPvffeTv for <sacm@ietfa.amsl.com>; Mon, 15 May 2017 20:33:50 -0700 (PDT)
Received: from mail-oi0-x229.google.com (mail-oi0-x229.google.com [IPv6:2607:f8b0:4003:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BAF38129B02 for <sacm@ietf.org>; Mon, 15 May 2017 20:30:58 -0700 (PDT)
Received: by mail-oi0-x229.google.com with SMTP id l18so10374897oig.2 for <sacm@ietf.org>; Mon, 15 May 2017 20:30:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=fINr2JNsLydlr3Kl5dDaUCleug6B1DySJ0pk5joKxVI=; b=pLEOd26I7KNVt50YP0hkzwiqe7/rz27Jg8MEYtzegvyvJTTG8WonZ4V4eHP/y+Ml78 NnCx2tOXFCrx7DbBFbO5pxBp8I9pJdM4KQTrn6UWl5YWqDwxLMlEb4wUaEfZ6pWUQxq+ Iabt06B4FPoewJLBy9aTMRiL1oBwAf9NsG0GokCyhT2p5UJ5PwL72L1nqxNRvEpSrkra HtUBOH8c+8muCCmaT/+ySBlM3wjUPBnjiBeb92bwbh3UJvKJH/k097vtDBKCm+3RlElr +1EKBFE/3+wbdxSg614biXw/WxY5e9F60u0UTGoKANjzrZIGpg4/TYYqH/YlYj3G8s9Z 6E2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=fINr2JNsLydlr3Kl5dDaUCleug6B1DySJ0pk5joKxVI=; b=gpDRqLX2shrLtD32bl4DeOw7ANh9svq10RIzNoo09NeQrdKFMpDcopSHRG6ZGxPKoS cU6pfCj4Ra04bv8DIO6AN1lfXG62VzHrP3eCT5XZjhngz7+VisbTeuQqXZDSp56tWvkA k9S5zvLoUqxNE7Pzi6GrObsYuJ+th4CKAbxHHmfV57ta+hG1ZJGllWQe6es1wGv45LKR XlEixKbkFl1OhNSLY8LszPRhn+eZhGvRGkyOZFTr00qk6OkxKbuYctR57MwCBkAuvSGu cibtlUlZFaD1tVBiyHep1m4TIOUsr5zt8maL7zPkafFqWAlkLxVjt5rWm0piqeUfJS95 KSTA==
X-Gm-Message-State: AODbwcDLrG47dtTI4gjCU328tMHX/qMxJjO3BlQ1yCn9vLltvIf33Yst KO56oGKPY4CcB1tcZ131lAE7QoZ0Cw==
X-Received: by 10.202.244.86 with SMTP id s83mr843809oih.116.1494905458102; Mon, 15 May 2017 20:30:58 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.49.8 with HTTP; Mon, 15 May 2017 20:30:57 -0700 (PDT)
Received: by 10.157.49.8 with HTTP; Mon, 15 May 2017 20:30:57 -0700 (PDT)
In-Reply-To: <CAA=AuEf_7A4ObvoiGHHzhtzNTS2B3Wxiz+WcBjwc8dqh4z7h2g@mail.gmail.com>
References: <CACknUNUhqqdumk1wombsAha0TQS4O4dNpajUs2Ak4jWDWZHXaA@mail.gmail.com> <CACknUNUQ_sgw46GsU8LoOq1puEyo8DUnJ4599h0GE=+Nc2Hxow@mail.gmail.com> <MWHPR09MB1440A80762DE455376735978F0E10@MWHPR09MB1440.namprd09.prod.outlook.com> <CACknUNUA0YH5EXQrPJHMWqfp=PZcVc_FpeTR0T9SmRMsteSvhw@mail.gmail.com> <CAA=AuEf_7A4ObvoiGHHzhtzNTS2B3Wxiz+WcBjwc8dqh4z7h2g@mail.gmail.com>
From: Tim Harrison <timothy.harrison.0@gmail.com>
Date: Mon, 15 May 2017 23:30:57 -0400
Message-ID: <CAMgsg0dV-YOx6bLM0MQ3PmbH6S1NvzvDEYU88uuKU4SSwQ4JGQ@mail.gmail.com>
To: Jerome Athias <athiasjerome@gmail.com>
Cc: "sacm@ietf.org" <sacm@ietf.org>, Adam Montville <adam.w.montville@gmail.com>, "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
Content-Type: multipart/alternative; boundary="001a11c17ca4cd9650054f9bccc2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/01zLRd-ZQHBHYCcVzMaq9zbTls8>
Subject: Re: [sacm] Hackathon Goals and Stretch Goals
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 May 2017 03:33:52 -0000

Just a passing thought, but one might recruit candidates at a known
convention and/or via a Kaizen Capture the Flag (CTF) event -
https://kaizen-ctf.com/

Cheers,
Tim

On May 15, 2017 11:14 PM, "Jerome Athias" <athiasjerome@gmail.com> wrote:

> I think it's a good idea too.
> I don't know who is supposed to participate to this hackathon?
> Potentially you could market it by capitalizing on real known events,
> (without trolling) let's say "new critical vulnerability", "for preventing
> ransomware" "FictitousCorp needs to Respond quickly and have a system to
> Identify and Protect its endpoints..."
>
>
> On Tue, 16 May 2017 at 00:30, Adam Montville <adam.w.montville@gmail.com>
> wrote:
>
>> I think that's a good idea. How do folks feel about this story? Is it
>> lacking anything? Is it too specific? What would you change about it if you
>> could?
>>
>> On Mon, May 15, 2017 at 12:57 PM Waltermire, David A. (Fed) <
>> david.waltermire@nist.gov> wrote:
>>
>>> I was thinking that it would be useful to have a user story to implement
>>> against for the Hackathon. How about something like the following that maps
>>> to our goals:
>>>
>>>
>>>
>>> A vendor identifies a vulnerability in their software product. They
>>> produce a new version of their software and publish a vulnerability
>>> bulletin that indicates customers should upgrade to the new version to
>>> address the vulnerability. The product versions have both a SWID tag and a
>>> CoSWID tag. As a customer of this vendor that uses the affected products,
>>> we need to build a vulnerability assessment system that is capable of
>>> detecting what version of the software is installed and determine if that
>>> version is vulnerable using the vendor provided information. The Collector
>>> will be capable of gathering software inventory information from one or
>>> more target endpoints by:
>>>
>>>
>>>
>>> 1)      Requesting software inventory information for the affected
>>> software based on an ad-hoc request.
>>>
>>> 2)      Reporting the software inventory as software changes occur
>>>
>>>
>>>
>>> Collected software inventory information will be stored in the
>>> Assessment Results Repository and will be compared to vulnerability
>>> detection data retrieved from the Vulnerability Detection Data Repository.
>>> The vulnerability detection data will be derived from the vendor provided
>>> information in some useful way to be determined by the Vulnerability
>>> Assessor.
>>>
>>>
>>>
>>> How does this look?
>>>
>>>
>>>
>>> Regards,
>>>
>>> Dave
>>>
>>>
>>>
>>> *From:* sacm [mailto:sacm-bounces@ietf.org] *On Behalf Of *Adam
>>> Montville
>>> *Sent:* Tuesday, May 09, 2017 3:30 PM
>>> *To:* sacm@ietf.org
>>> *Subject:* Re: [sacm] Hackathon Goals and Stretch Goals
>>>
>>>
>>>
>>> All:
>>>
>>>
>>>
>>> This week Dave and I have had an opportunity to discuss these a bit
>>> further. We've come up with the following set of goals and outcomes:
>>>
>>>
>>>
>>> GOAL: Running code demonstrating the communication needs between
>>> identified components as they pertain to the on-request collection case
>>> through the scenario, where that case is described at
>>> https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario.
>>> OUTCOME: We will have specific understanding of components' boundaries and
>>> the necessary information flows (including information being communicated)
>>> between them.
>>>
>>>
>>>
>>> GOAL: Leverage existing collected data in a data repository. OUTCOME:
>>> Demonstrate that previously collected data can be reused to support
>>> vulnerability assessment
>>>
>>>
>>>
>>> GOAL: Running code to extend that base case to include a mechanism
>>> capable of monitoring a given set of endpoint attributes for change.
>>> OUTCOME: We will have specific understanding of additional architectural
>>> considerations for handling monitoring vs. on-request collection, as well
>>> as any additional information flows required.
>>>
>>>
>>>
>>> Does anyone care to bash these goal-ouctome pairs in the context of our
>>> hackathon plans?  If so, please do so over the next day or two, otherwise
>>> these will become the stated goals for our hackathon.
>>>
>>>
>>>
>>> Kind regards,
>>>
>>>
>>>
>>> Adam
>>>
>>>
>>>
>>> On Tue, May 2, 2017 at 4:40 PM Adam Montville <
>>> adam.w.montville@gmail.com> wrote:
>>>
>>> All:
>>>
>>>
>>>
>>> Last week Dave sent a list of milestones to the list. The first of which
>>> was for the WG to define some goals for the IETF 99 hackathon. I can see at
>>> least one primary goal with at least one stretch goal. The primary goal is
>>> to have running code demonstrating the basic/ideal case through our
>>> vulnerability scenario, where a new vulnerability is discovered and we need
>>> to reach out all the way to the endpoint to determine whether it is in fact
>>> vulnerable. A stretch goal might be to have running code demonstrating a
>>> "monitor for this vulnerability from now on" capability (I'm sure I'm not
>>> stating that as well as I could).
>>>
>>>
>>>
>>> Does anyone have additional goals? Or, are there better ways to state
>>> these particular goals (there probably are)?
>>>
>>>
>>>
>>> Kind regards,
>>>
>>>
>>>
>>> Adam
>>>
>>> _______________________________________________
>> sacm mailing list
>> sacm@ietf.org
>> https://www.ietf.org/mailman/listinfo/sacm
>>
>
> _______________________________________________
> sacm mailing list
> sacm@ietf.org
> https://www.ietf.org/mailman/listinfo/sacm
>
>

v2.23.0 | Report a Bug | By Email