Re: [sacm] Identifying Vulnerability Assessment Code

"Waltermire, David A. (Fed)" <david.waltermire@nist.gov> Fri, 19 May 2017 14:01 UTC

From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: Adam Montville <adam.w.montville@gmail.com>, "sacm@ietf.org" <sacm@ietf.org>
Date: Fri, 19 May 2017 14:01:13 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/GMFxdAhv9bPkoRVCcnZRuCPEODw>
Subject: Re: [sacm] Identifying Vulnerability Assessment Code

I mentioned this in another thread.

I can bring some software that has a SWID tag and a CoSWID tag bundled that can be installed on a device. I can even provide multiple versions of the same software to simulate a release -> vulnerability -> update/patch cycle.

Regards,
Dave

From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Adam Montville
Sent: Friday, May 19, 2017 9:53 AM
To: sacm@ietf.org
Subject: Re: [sacm] Identifying Vulnerability Assessment Code

I'm resending this call to the list. We have some contributions already indicated, but we could use more. Specifically, we don't have an endpoint repository at this point. Does anyone have any ideas of what we might use for that?

I know there are some free/open source tools out there targeting endpoint/asset management. Here's a list of a few of them:

  *   Assetview: https://www.qualys.com/free-tools-trials/
  *   NEWT Professional Network Inventory: http://www.komodolabs.com/network-inventory/
  *   OCS Inventory-NG: http://www.ocsinventory-ng.org/en/
  *   Open-AudIT: http://www.open-audit.org/
  *   Snipe-IT: https://snipeitapp.com/

CIS will provide an operational environment with endpoints in AWS.

Kind regards,

Adam

On Tue, May 16, 2017 at 8:07 AM Adam Montville <adam.w.montville@gmail.com> wrote:
All:

Last week a list of goals was sent to this list [1]. I did see some back-channel conversation, but nothing that made its way to the list. Then, those are our stated goals, and it is now time to start considering what code may already exist for our agreed-upon components. Once again, these components are listed at [2] and repeated here:

* Vulnerability Detection Data Repository
* Vulnerability Assessor
* Endpoint Repository
* Collector
* Target Endpoint
* Assessment Results Repository

We need to drive this to some conclusion relatively quickly. If you have or know of components filling these roles, please respond by the end of this week. Note that the target endpoint component will likely be determined based on which real-world vulnerability(ies) we choose to deal with as part of this exercise.

Kind regards,

Adam


[1] https://mailarchive.ietf.org/arch/msg/sacm/LskQ7tj9Wvy1-0DSlEN_VakYj64
[2] https://mailarchive.ietf.org/arch/msg/sacm/w_kL2vzDBPk0NN9N1WQcpb3Qwfw