Re: [sacm] Component Communication Sequence (Was - Re: Components for Vulnerability Assessment)
Jerome Athias <jerome.athias@protonmail.com> Mon, 22 May 2017 17:35 UTC
Return-Path: <jerome.athias@protonmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 160EF126C2F for <sacm@ietfa.amsl.com>; Mon, 22 May 2017 10:35:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=protonmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id goh4zAAHMKlw for <sacm@ietfa.amsl.com>; Mon, 22 May 2017 10:35:40 -0700 (PDT)
Received: from mail2.protonmail.ch (mail2.protonmail.ch [185.70.40.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 276ED1200ED for <sacm@ietf.org>; Mon, 22 May 2017 10:35:40 -0700 (PDT)
Date: Mon, 22 May 2017 13:35:31 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=default; t=1495474537; bh=eYkpamA7HtfOXIaQG3GwbNF4lDHZMXnmSgWdALwrLGk=; h=To:From:Cc:Reply-To:Subject:In-Reply-To:References:Feedback-ID: From; b=XZjn9h046dISwRjGAj+Pd9SbqDo+Nzc1t6Y0LpgVRNErWKUL3NT47Vc/Xh/oWGGMR mkRzW+6GHgY8mLSqotiJxBEIYT9Qqze9CZD60T00MvdO5aRtGxGYvfCmfqEONSIQNh ivGnUHN2XjrjH6DmEhhtAcnVhkNR4IEBEk2coKxc=
To: "Haynes, Dan" <dhaynes@mitre.org>
From: Jerome Athias <jerome.athias@protonmail.com>
Cc: Adam Montville <adam.w.montville@gmail.com>, "sacm@ietf.org" <sacm@ietf.org>
Reply-To: Jerome Athias <jerome.athias@protonmail.com>
Message-ID: <HbfjgMpKY3q_sRP640Hqfw-L5oZiPnlKCBMq5Fyw9eEIpu4wODdzDfuk2quuH5vSBwkU3GaBA_ZbF_cFuLDkYrEW7bmFpyrWwIF_16Ulm_8=@protonmail.com>
In-Reply-To: <DM5PR09MB135448EED5B0AF26E47C0BC1A5F80@DM5PR09MB1354.namprd09.prod.outlook.com>
References: <CACknUNUNhCCV8LRDpjEm1SvgwpLq+NEEDbc3LOPYzMyRbmfy9w@mail.gmail.com> <CACknUNXtxuHKcO35vzNR79m--UfNP4E5tRMSFr=WXJpbdQOCrw@mail.gmail.com> <CACknUNW9A0dttxjzAymS0CqN3eF7z63GyCecnn4y6QMUcpgt3g@mail.gmail.com> <iFofHfKOzZW3sMvsW6tHUfYfKDFhsCCGQRNwrebcrYJ3xzGcxK4p-2EYUTVnZgD9VjwIqqWGlpqreM0LVVMVy3QTq9Pc6PXAyxQLgOX5kSU=@protonmail.com> <CACknUNXFNPu+SRbGwP0zdr-GQQ8fvyFkfq-E2sMC2uKM1tVOpA@mail.gmail.com> <DM5PR09MB13549D43EE6B18208C39FCF6A5E70@DM5PR09MB1354.namprd09.prod.outlook.com> <CACknUNW7+y6c93y5UNgEVs69sdf6PK7rRpHw-F7GhFanZCFXFQ@mail.gmail.com> <DM5PR09MB1354DE08127393031FFC9F86A5E50@DM5PR09MB1354.namprd09.prod.outlook.com> <DM5PR09MB135448EED5B0AF26E47C0BC1A5F80@DM5PR09MB1354.namprd09.prod.outlook.com>
Feedback-ID: 0pNaUpQyJcJ_FqKgvRh59kNH9tw1YU9Hb7-41TF1UFya4DA0ft6-ejYSrPjLLQWz-KcGUoHsZH8z6Hzy-ZW3EA==:Ext:ProtonMail
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1_c39593d93c08f35854f020b3be41dcd5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/8clR9nR-ZNk9HGpLAcE-8BCgrFM>
Subject: Re: [sacm] Component Communication Sequence (Was - Re: Components for Vulnerability Assessment)
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 May 2017 17:35:43 -0000
That looks like reasonable to me. Thank you -------- Original Message -------- Subject: Re: [sacm] Component Communication Sequence (Was - Re: Components for Vulnerability Assessment) Local Time: May 22, 2017 8:24 PM UTC Time: May 22, 2017 5:24 PM From: dhaynes@mitre.org To: "Haynes, Dan" <dhaynes@mitre.org>, Adam Montville <adam.w.montville@gmail.com>, Jerome Athias <jerome.athias@protonmail.com> sacm@ietf.org <sacm@ietf.org> I just updated the “Vulnerability Description Information” section in the Vulnerability Assessment Scenario wiki [1] to include the following statement. “The enterprise is responsible for determining the sources of vulnerability description information as well as which vulnerability description information is converted into vulnerability detection data.” Jerome, I think this should address your comment about giving the enterprise the flexibility to determine which of the vulnerability description information is converted into vulnerability detection data. Let me know if it is missing anything or if there is anything that could be improved. Thanks, Danny [1] https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario
- Re: [sacm] Components for Vulnerability Assessment Henk Birkholz
- [sacm] Components for Vulnerability Assessment Adam Montville
- Re: [sacm] Components for Vulnerability Assessment Haynes, Dan
- Re: [sacm] Components for Vulnerability Assessment Haynes, Dan
- Re: [sacm] Components for Vulnerability Assessment Adam Montville
- Re: [sacm] Components for Vulnerability Assessment Carl-Heinz Genzel
- Re: [sacm] Components for Vulnerability Assessment Muhammad Nasir Mumtaz Bhutta
- Re: [sacm] Components for Vulnerability Assessment Haynes, Dan
- Re: [sacm] Components for Vulnerability Assessment Haynes, Dan
- Re: [sacm] Components for Vulnerability Assessment Adam Montville
- Re: [sacm] Components for Vulnerability Assessment Adam Montville
- Re: [sacm] Components for Vulnerability Assessment Adam Montville
- [sacm] Component Communication Sequence (Was - Re… Adam Montville
- Re: [sacm] Component Communication Sequence (Was … Jerome Athias
- Re: [sacm] Component Communication Sequence (Was … Adam Montville
- Re: [sacm] Component Communication Sequence (Was … Haynes, Dan
- Re: [sacm] Component Communication Sequence (Was … Adam Montville
- Re: [sacm] Component Communication Sequence (Was … Haynes, Dan
- Re: [sacm] Component Communication Sequence (Was … Haynes, Dan
- Re: [sacm] Component Communication Sequence (Was … Jerome Athias
- Re: [sacm] Component Communication Sequence (Was … Adam Montville