Re: [sacm] Hackathon Goals and Stretch Goals

"Waltermire, David A. (Fed)" <david.waltermire@nist.gov> Tue, 16 May 2017 16:51 UTC

From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
CC: Tim Harrison <timothy.harrison.0@gmail.com>, Jerome Athias <athiasjerome@gmail.com>, "sacm@ietf.org" <sacm@ietf.org>, Adam Montville <adam.w.montville@gmail.com>
Date: Tue, 16 May 2017 16:47:02 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/AB5hdSRI5Ny8jOnXyej01qGYdUA>

Kathleen,

Thanks for clarifying the participation model for the Hackathon. The fact that it is open to anyone is important.

As for Tim's email, which CTF event in Prague are you referring to?

I found one hosted by Accenture tomorrow, but I am not aware of one around the time of the IETF.

Regards,
Dave

> -----Original Message-----
> From: Kathleen Moriarty [mailto:kathleen.moriarty.ietf@gmail.com]
> Sent: Tuesday, May 16, 2017 10:58 AM
> To: Waltermire, David A. (Fed) <david.waltermire@nist.gov>
> Cc: Tim Harrison <timothy.harrison.0@gmail.com>; Jerome Athias
> <athiasjerome@gmail.com>; sacm@ietf.org; Adam Montville
> <adam.w.montville@gmail.com>
> Subject: Re: [sacm] Hackathon Goals and Stretch Goals
> 
> Hi,
> 
> Just a couple of points.  If some of you are near enough to Prague and
> wanted to attend the Hackathon, but not the IETF, that is not a problem and
> signup is separate from the IETF registration.  The Hackathon is free to attend
> and open to the public.
> 
> David, I think Tim was just suggesting that people who attend the capture
> the flag event (in Prague), may also be interested in attending the
> Hackathon, so recruiting there could be fruitful.
> 
> Best regards,
> Kathleen
> 
> On Tue, May 16, 2017 at 9:11 AM, Waltermire, David A. (Fed)
> <david.waltermire@nist.gov> wrote:
> > Tim,
> >
> >
> >
> > The Hackathon is more like an interop event than a Capture the Flag
> > (CTF) event. According to the IETF website “IETF Hackathons encourage
> > developers to collaborate and develop utilities, ideas, sample code
> > and solutions that show practical implementations of IETF standards.”
> > [1] What we are planning to do would be to collaboratively develop one
> > or more solutions within the scope of SACM that address the user story.
> >
> >
> >
> > We need volunteers to bring running code to address an aspect of this
> > project. For example, we are bringing 1) a ROLIE implementation that
> > can serve as a Vulnerability Detection Data Repository, and 2)
> > software with a bundled SWID tag and CoSWID tag to be installed on a
> > system.
> >
> >
> >
> > Regards,
> >
> > Dave
> >
> >
> >
> > [1] https://www.ietf.org/hackathon/
> >
> >
> >
> > From: Tim Harrison [mailto:timothy.harrison.0@gmail.com]
> > Sent: Monday, May 15, 2017 11:31 PM
> > To: Jerome Athias <athiasjerome@gmail.com>
> > Cc: sacm@ietf.org; Adam Montville <adam.w.montville@gmail.com>;
> > Waltermire, David A. (Fed) <david.waltermire@nist.gov>
> >
> >
> > Subject: Re: [sacm] Hackathon Goals and Stretch Goals
> >
> >
> >
> > Just a passing thought, but one might recruit candidates at a known
> > convention and/or via a Kaizen Capture the Flag (CTF) event -
> > https://kaizen-ctf.com/
> >
> >
> >
> > Cheers,
> >
> > Tim
> >
> >
> >
> > On May 15, 2017 11:14 PM, "Jerome Athias" <athiasjerome@gmail.com>
> > wrote:
> >
> > I think it's a good idea too.
> >
> > I don't know who is supposed to participate in this hackathon?
> >
> > Potentially you could market it by capitalizing on real known events,
> > (without trolling) let's say "new critical vulnerability", "for
> > preventing ransomware" "FictitousCorp needs to Respond quickly and
> > have a system to Identify and Protect its endpoints..."
> >
> >
> >
> >
> >
> > On Tue, 16 May 2017 at 00:30, Adam Montville
> > <adam.w.montville@gmail.com>
> > wrote:
> >
> > I think that's a good idea. How do folks feel about this story? Is it
> > lacking anything? Is it too specific? What would you change about it
> > if you could?
> >
> >
> >
> > On Mon, May 15, 2017 at 12:57 PM Waltermire, David A. (Fed)
> > <david.waltermire@nist.gov> wrote:
> >
> > I was thinking that it would be useful to have a user story to
> > implement against for the Hackathon. How about something like the
> > following that maps to our goals:
> >
> >
> >
> > A vendor identifies a vulnerability in their software product. They
> > produce a new version of their software and publish a vulnerability
> > bulletin that indicates customers should upgrade to the new version to
> > address the vulnerability. The product versions have both a SWID tag and a
> > CoSWID tag.
> > As a customer of this vendor that uses the affected products, we need
> > to build a vulnerability assessment system that is capable of
> > detecting what version of the software is installed and determine if
> > that version is vulnerable using the vendor provided information. The
> > Collector will be capable of gathering software inventory information
> > from one or more target endpoints by:
> >
> >
> >
> > 1)      Requesting software inventory information for the affected software
> > based on an ad-hoc request.
> >
> > 2)      Reporting the software inventory as software changes occur
> >
> >
> >
> > Collected software inventory information will be stored in the
> > Assessment Results Repository and will be compared to vulnerability
> > detection data retrieved from the Vulnerability Detection Data
> > Repository. The vulnerability detection data will be derived from the
> > vendor provided information in some useful way to be determined by the
> > Vulnerability Assessor.
> >
> >
> >
> > How does this look?
> >
> >
> >
> > Regards,
> >
> > Dave
> >
> >
> >
> > From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Adam Montville
> > Sent: Tuesday, May 09, 2017 3:30 PM
> > To: sacm@ietf.org
> > Subject: Re: [sacm] Hackathon Goals and Stretch Goals
> >
> >
> >
> > All:
> >
> >
> >
> > This week Dave and I have had an opportunity to discuss these a bit
> > further.
> > We've come up with the following set of goals and outcomes:
> >
> >
> >
> > GOAL: Running code demonstrating the communication needs between
> > identified components as they pertain to the on-request collection
> > case through the scenario, where that case is described at
> > https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario.
> > OUTCOME: We will have specific understanding of components' boundaries
> > and the necessary information flows (including information being
> > communicated) between them.
> >
> >
> >
> > GOAL: Leverage existing collected data in a data repository. OUTCOME:
> > Demonstrate that previously collected data can be reused to support
> > vulnerability assessment
> >
> >
> >
> > GOAL: Running code to extend that base case to include a mechanism
> > capable of monitoring a given set of endpoint attributes for change.
> > OUTCOME: We will have specific understanding of additional
> > architectural considerations for handling monitoring vs. on-request
> > collection, as well as any additional information flows required.
> >
> >
> >
> > Does anyone care to bash these goal-outcome pairs in the context of
> > our hackathon plans?  If so, please do so over the next day or two,
> > otherwise these will become the stated goals for our hackathon.
> >
> >
> >
> > Kind regards,
> >
> >
> >
> > Adam
> >
> >
> >
> > On Tue, May 2, 2017 at 4:40 PM Adam Montville
> > <adam.w.montville@gmail.com>
> > wrote:
> >
> > All:
> >
> >
> >
> > Last week Dave sent a list of milestones to the list. The first of
> > which was for the WG to define some goals for the IETF 99 hackathon. I
> > can see at least one primary goal with at least one stretch goal. The
> > primary goal is to have running code demonstrating the basic/ideal
> > case through our vulnerability scenario, where a new vulnerability is
> > discovered and we need to reach out all the way to the endpoint to
> > determine whether it is in fact vulnerable. A stretch goal might be to
> > have running code demonstrating a "monitor for this vulnerability from
> > now on" capability (I'm sure I'm not stating that as well as I could).
> >
> >
> >
> > Does anyone have additional goals? Or, are there better ways to state
> > these particular goals (there probably are)?
> >
> >
> >
> > Kind regards,
> >
> >
> >
> > Adam
> >
> > _______________________________________________
> > sacm mailing list
> > sacm@ietf.org
> > https://www.ietf.org/mailman/listinfo/sacm
> >
> >
> 
> 
> 
> --
> 
> Best regards,
> Kathleen
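
The on-request case of the user story quoted in this thread, sketched as an added example that is not code from the thread's participants or the SACM working group: a Collector reads SWID tags, the records are held as the Assessment Results Repository, and they are compared with vulnerability detection data. The endpoint names, vendor, bulletin identifier and the detection-data format are all constructed assumptions; the thread leaves that format "to be determined by the Vulnerability Assessor".

```python
import xml.etree.ElementTree as ET  # for untrusted tags, prefer a hardened parser such as defusedxml

NS = "{http://standards.iso.org/iso/19770/-2/2015/schema.xsd}"
TAG = ('<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" '
       'name="ExampleApp" tagId="example.test-ExampleApp-{v}" version="{v}" '
       'versionScheme="{s}"><Entity name="Example Vendor" regid="example.test" '
       'role="tagCreator softwareCreator"/></SoftwareIdentity>')
# Constructed sample data: one SWID tag per endpoint, plus detection data a
# Vulnerability Assessor might derive from the vendor bulletin (format assumed).
ENDPOINT_TAGS = {
    "endpoint-a": TAG.format(v="1.2.0", s="multipartnumeric"),
    "endpoint-b": TAG.format(v="1.3", s="multipartnumeric"),
    "endpoint-c": TAG.format(v="2017-beta", s="alphanumeric"),
}
DETECTION_DATA = [{"bulletin": "EXAMPLE-BULLETIN-1", "regid": "example.test",
                   "product": "ExampleApp", "fixed_in": "1.3.0"}]

def parse_version(text):
    """Multipart numeric version as a tuple, trailing zeros dropped (1.3 == 1.3.0)."""
    parts = [int(p) for p in text.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def collect(endpoint, tag_xml):
    """Collector: turn one SWID tag into a software inventory record."""
    root = ET.fromstring(tag_xml)
    if root.tag != NS + "SoftwareIdentity":
        raise ValueError("not a SWID tag: " + root.tag)
    regid = next((e.get("regid") for e in root.iter(NS + "Entity")
                  if "softwareCreator" in e.get("role", "").split()), None)
    return {"endpoint": endpoint, "regid": regid, "name": root.get("name"),
            "version": root.get("version"), "scheme": root.get("versionScheme")}

def assess(repository, detection_data):
    """Compare stored inventory with detection data; None means 'cannot decide'."""
    findings = {}
    for rec in repository:
        for rule in detection_data:
            if (rec["regid"], rec["name"]) != (rule["regid"], rule["product"]):
                continue
            if rec["scheme"] == "multipartnumeric":
                vulnerable = parse_version(rec["version"]) < parse_version(rule["fixed_in"])
            else:
                vulnerable = None  # version not comparable; flag for manual review
            findings[(rec["endpoint"], rule["bulletin"])] = vulnerable
    return findings

def run_ad_hoc_assessment():
    repository = [collect(ep, xml) for ep, xml in ENDPOINT_TAGS.items()]  # Assessment Results Repository
    return assess(repository, DETECTION_DATA)
```

Matching on the creator's regid as well as the product name keeps a same-named product from another vendor from being flagged, and a version whose scheme is not numeric is reported as undecided rather than silently treated as safe.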