Re: [sacm] Identifying Vulnerability Assessment Code

Adam Montville <adam.w.montville@gmail.com> Fri, 19 May 2017 13:52 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/MQImYf-CXpNSB_0lxMHuax34ZWE>

I'm resending this call to the list. We have some contributions already
indicated, but we could use more. Specifically, we don't have an endpoint
repository at this point. Does anyone have any ideas of what we might use
for that?

I know there are some free/open source tools out there targeting
endpoint/asset management. Here's a list of a few of them:

   - Assetview: https://www.qualys.com/free-tools-trials/
   - NEWT Professional Network Inventory:
   http://www.komodolabs.com/network-inventory/
   - OCS Inventory-NG: http://www.ocsinventory-ng.org/en/
   - Open-AudIT: http://www.open-audit.org/
   - Snipe-IT: https://snipeitapp.com/


CIS will provide an operational environment with endpoints in AWS.

Kind regards,

Adam

On Tue, May 16, 2017 at 8:07 AM Adam Montville <adam.w.montville@gmail.com>
wrote:

> All:
>
> Last week a list of goals was sent to this list [1]. I did see some
> back-channel conversation, but nothing that made its way to the list. Then,
> those are our stated goals, and it is now time to start considering what
> code may already exist for our agreed-upon components. Once again, these
> components are listed at [2] and repeated here:
>
> * Vulnerability Detection Data Repository
> * Vulnerability Assessor
> * Endpoint Repository
> * Collector
> * Target Endpoint
> * Assessment Results Repository
>
> We need to drive this to some conclusion relatively quickly. If you have
> or know of components filling these roles, please respond by the end of
> this week. Note that the target endpoint component will likely be
> determined based on which real-world vulnerability(ies) we choose to deal
> with as part of this exercise.
>
> Kind regards,
>
> Adam
>
>
> [1] https://mailarchive.ietf.org/arch/msg/sacm/LskQ7tj9Wvy1-0DSlEN_VakYj64
>
> [2] https://mailarchive.ietf.org/arch/msg/sacm/w_kL2vzDBPk0NN9N1WQcpb3Qwfw
>
>