Re: [sacm] Hackathon Goals and Stretch Goals

Adam Montville <adam.w.montville@gmail.com> Tue, 16 May 2017 12:55 UTC

From: Adam Montville <adam.w.montville@gmail.com>
Date: Tue, 16 May 2017 12:51:37 +0000
To: Jerome Athias <athiasjerome@gmail.com>, "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, "sacm@ietf.org" <sacm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/KWe79fhrYWTpgz5hyJ_ZpUQtYHs>

Hi Jerome,

Well, pretty much anyone can participate - it's not a closed group or
anything like that - but it does need to be coordinated. We anticipate a
lot of work to happen before the face-to-face in Prague, and hope that the
face-to-face is really a couple of days buttoning things up.

I don't mind altering the user story a bit to take some advantage of recent
events - it's no secret that these are the sort of issues for which we
would like to provide solutions.

What do others think? Dave, you're the author of the story, what are your
thoughts?

Adam

On Mon, May 15, 2017 at 10:11 PM Jerome Athias <athiasjerome@gmail.com>
wrote:

> I think it's a good idea too.
> I don't know who is supposed to participate in this hackathon?
> Potentially you could market it by capitalizing on real known events,
> (without trolling) let's say "new critical vulnerability", "for preventing
> ransomware" "FictitiousCorp needs to Respond quickly and have a system to
> Identify and Protect its endpoints..."
>
>
> On Tue, 16 May 2017 at 00:30, Adam Montville <adam.w.montville@gmail.com>
> wrote:
>
>> I think that's a good idea. How do folks feel about this story? Is it
>> lacking anything? Is it too specific? What would you change about it if you
>> could?
>>
>> On Mon, May 15, 2017 at 12:57 PM Waltermire, David A. (Fed) <
>> david.waltermire@nist.gov> wrote:
>>
>>> I was thinking that it would be useful to have a user story to implement
>>> against for the Hackathon. How about something like the following that maps
>>> to our goals:
>>>
>>>
>>>
>>> A vendor identifies a vulnerability in their software product. They
>>> produce a new version of their software and publish a vulnerability
>>> bulletin that indicates customers should upgrade to the new version to
>>> address the vulnerability. The product versions have both a SWID tag and a
>>> CoSWID tag. As a customer of this vendor that uses the affected products,
>>> we need to build a vulnerability assessment system that is capable of
>>> detecting what version of the software is installed and determine if that
>>> version is vulnerable using the vendor provided information. The Collector
>>> will be capable of gathering software inventory information from one or
>>> more target endpoints by:
>>>
>>>
>>>
>>> 1)      Requesting software inventory information for the affected
>>> software based on an ad-hoc request.
>>>
>>> 2)      Reporting the software inventory as software changes occur
>>>
>>>
>>>
>>> Collected software inventory information will be stored in the
>>> Assessment Results Repository and will be compared to vulnerability
>>> detection data retrieved from the Vulnerability Detection Data Repository.
>>> The vulnerability detection data will be derived from the vendor provided
>>> information in some useful way to be determined by the Vulnerability
>>> Assessor.
>>>
>>>
>>>
>>> How does this look?
>>>
>>>
>>>
>>> Regards,
>>>
>>> Dave
>>>
>>>
>>>
>>> *From:* sacm [mailto:sacm-bounces@ietf.org] *On Behalf Of *Adam
>>> Montville
>>> *Sent:* Tuesday, May 09, 2017 3:30 PM
>>> *To:* sacm@ietf.org
>>> *Subject:* Re: [sacm] Hackathon Goals and Stretch Goals
>>>
>>>
>>>
>>> All:
>>>
>>>
>>>
>>> This week Dave and I have had an opportunity to discuss these a bit
>>> further. We've come up with the following set of goals and outcomes:
>>>
>>>
>>>
>>> GOAL: Running code demonstrating the communication needs between
>>> identified components as they pertain to the on-request collection case
>>> through the scenario, where that case is described at
>>> https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario.
>>> OUTCOME: We will have specific understanding of components' boundaries and
>>> the necessary information flows (including information being communicated)
>>> between them.
>>>
>>>
>>>
>>> GOAL: Leverage existing collected data in a data repository. OUTCOME:
>>> Demonstrate that previously collected data can be reused to support
>>> vulnerability assessment.
>>>
>>>
>>>
>>> GOAL: Running code to extend that base case to include a mechanism
>>> capable of monitoring a given set of endpoint attributes for change.
>>> OUTCOME: We will have specific understanding of additional architectural
>>> considerations for handling monitoring vs. on-request collection, as well
>>> as any additional information flows required.
>>>
>>>
>>>
>>> Does anyone care to bash these goal-outcome pairs in the context of our
>>> hackathon plans?  If so, please do so over the next day or two, otherwise
>>> these will become the stated goals for our hackathon.
>>>
>>>
>>>
>>> Kind regards,
>>>
>>>
>>>
>>> Adam
>>>
>>>
>>>
>>> On Tue, May 2, 2017 at 4:40 PM Adam Montville <
>>> adam.w.montville@gmail.com> wrote:
>>>
>>> All:
>>>
>>>
>>>
>>> Last week Dave sent a list of milestones to the list. The first of which
>>> was for the WG to define some goals for the IETF 99 hackathon. I can see at
>>> least one primary goal with at least one stretch goal. The primary goal is
>>> to have running code demonstrating the basic/ideal case through our
>>> vulnerability scenario, where a new vulnerability is discovered and we need
>>> to reach out all the way to the endpoint to determine whether it is in fact
>>> vulnerable. A stretch goal might be to have running code demonstrating a
>>> "monitor for this vulnerability from now on" capability (I'm sure I'm not
>>> stating that as well as I could).
>>>
>>>
>>>
>>> Does anyone have additional goals? Or, are there better ways to state
>>> these particular goals (there probably are)?
>>>
>>>
>>>
>>> Kind regards,
>>>
>>>
>>>
>>> Adam
>>>
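The assessment flow in the user story quoted above, sketched as an added example (not code from this thread or from the SACM working group): SWID tags collected from endpoints are stored in a stand-in Assessment Results Repository and compared with detection data derived from a vendor bulletin. The vendor, product, host names and the bulletin format are constructed assumptions, and only the XML SWID form is handled, not CoSWID.

```python
import xml.etree.ElementTree as ET

NS = "{http://standards.iso.org/iso/19770/-2/2015/schema.xsd}"
# Constructed SWID tag template (hypothetical vendor and product).
TAG = ('<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"'
       ' name="ExampleApp" tagId="example.test-ExampleApp-{v}" version="{v}">'
       '<Entity name="Example Vendor" regid="example.test"'
       ' role="tagCreator softwareCreator"/></SoftwareIdentity>')
# Constructed detection data, as a Vulnerability Assessor might derive it
# from the vendor bulletin: every version below fixed_version is affected.
BULLETIN = {"regid": "example.test", "name": "ExampleApp", "fixed_version": "2.4.10"}

def version_lt(a, b):
    """Numeric multipart comparison; '2.4.9' < '2.4.10' and '2.4' == '2.4.0'."""
    x, y = ([int(p) for p in v.split(".")] for v in (a, b))
    width = max(len(x), len(y))
    return x + [0] * (width - len(x)) < y + [0] * (width - len(y))

def parse_swid(xml_text):
    """Extract (creator regid, product name) and version from one SWID tag."""
    root = ET.fromstring(xml_text)
    if root.tag != NS + "SoftwareIdentity":
        raise ValueError("not an ISO/IEC 19770-2:2015 SWID tag")
    regid = next((e.get("regid") for e in root.iter(NS + "Entity")
                  if "softwareCreator" in e.get("role", "").split()), None)
    return (regid, root.get("name")), root.get("version")

class ResultsRepository:
    """Stand-in for the Assessment Results Repository: endpoint -> inventory."""
    def __init__(self):
        self.inventory = {}
    def store(self, endpoint, xml_text):
        key, version = parse_swid(xml_text)
        self.inventory.setdefault(endpoint, {})[key] = version

def assess(repo, bulletin):
    """Return {endpoint: is_vulnerable} for endpoints that have the product."""
    key = (bulletin["regid"], bulletin["name"])
    return {ep: version_lt(sw[key], bulletin["fixed_version"])
            for ep, sw in repo.inventory.items() if key in sw}

def demo():
    repo = ResultsRepository()
    repo.store("host-a", TAG.format(v="2.4.9"))   # 1) ad-hoc collection request
    repo.store("host-b", TAG.format(v="2.4.10"))
    before = assess(repo, BULLETIN)
    repo.store("host-a", TAG.format(v="2.4.10"))  # 2) change report after upgrade
    return before, assess(repo, BULLETIN)
```

Comparing versions as integer lists matters here: a plain string comparison would rank 2.4.10 below 2.4.9 and mark the patched host as vulnerable.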