[sacm] Identifying Vulnerability Assessment Code
Adam Montville <adam.w.montville@gmail.com> Tue, 16 May 2017 13:11 UTC
Return-Path: <adam.w.montville@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3ADFD12956B for <sacm@ietfa.amsl.com>; Tue, 16 May 2017 06:11:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.002
X-Spam-Level:
X-Spam-Status: No, score=0.002 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g1dfpO7OA2-t for <sacm@ietfa.amsl.com>; Tue, 16 May 2017 06:11:12 -0700 (PDT)
Received: from mail-io0-x22a.google.com (mail-io0-x22a.google.com [IPv6:2607:f8b0:4001:c06::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67D6112EB5B for <sacm@ietf.org>; Tue, 16 May 2017 06:07:16 -0700 (PDT)
Received: by mail-io0-x22a.google.com with SMTP id f102so92636745ioi.2 for <sacm@ietf.org>; Tue, 16 May 2017 06:07:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=oI2tcLs2VlqD/HncT8zaFGW4c8yfqkXH+c8fu0xgo14=; b=mQ0JW2iZ5f/zEhUUGRh7FyGLPGypuxX4/P6ACWPPi10Ifq5lSGxbVm8KuSspMFd0s2 rRPaiWnUEj8r8hgpLsfz/bz2ZpYPb22NEk6Ojh1FxxsyD1TQKDZdZL0YW7hWngRw5S89 ZyKpxzYgPOJgT8wmaLoxPUBCV8q1O4HzTsky7RvgyWFIJg+aN4pdydk1UlACqLjI4aRk nHfPnURrXrmQEQqpH0lM/V9gTGlrIU8QiilnoqoKr+le/RxmaNjxZU6lqlswlKJPqb+C CJTbVO67q5HvjYMpLpYCB2fMSDSXmWySm01+fj+9DNbG9dWXXH9tJHWopGEqaaqswVVs J/nQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=oI2tcLs2VlqD/HncT8zaFGW4c8yfqkXH+c8fu0xgo14=; b=tkPvEgUEyJh+W62pfSp4Lq5uLFZSI/Igs+cKC59W/k25qLO9EBr7mMFWTdUYZmj9sy nQ4sPlhe+9VokMqd+Yg/s1jbVwsKQ4tDL5qhcn6P0jMJqjCGyq3GVQphBYQwWtDM/Yp9 DuelNtfnzO/fofFFCWH1SgbrdTRfaCEVIy48tN031m/fWEKStAIcFuMGfaKlYfC63jcA ljXQhuDT+qVHnhvMPsjGY0PYwAynzVTdLTjBC79GWAJONyXJWMjYx+rLH2bOv0YHno9w HJrDvo4uc40se4pgSpbTnQyXXUhBjpWbNX6EuPtlliyaHs0heMkQH5c08kB8SBV3n7dA CKbA==
X-Gm-Message-State: AODbwcDZrh5MruIcFAatFX1HuGoQ1nQguL1swr8XFOZPWF/tQ3iKC+AB 64Pir8Q5DJVIgNGsXhH3FeTG1azFDi4U
X-Received: by 10.107.170.16 with SMTP id t16mr10311325ioe.113.1494940035672; Tue, 16 May 2017 06:07:15 -0700 (PDT)
MIME-Version: 1.0
From: Adam Montville <adam.w.montville@gmail.com>
Date: Tue, 16 May 2017 13:07:05 +0000
Message-ID: <CACknUNWs8_4pBWPJHNyzVjb+aT3mb1=MqWEnyoWPiOzkz7jZEA@mail.gmail.com>
To: "sacm@ietf.org" <sacm@ietf.org>
Content-Type: multipart/alternative; boundary="001a11427a60c97a04054fa3d9ce"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/cSp3UmX25mpNcvi7rkNMzmR3GI0>
Subject: [sacm] Identifying Vulnerability Assessment Code
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 May 2017 13:11:14 -0000
All: Last week a list of goals were sent to this list [1]. I did see some back-channel conversation, but nothing that made its way to the list. Then, those are our stated goals, and it is now time to start considering what code may already exist for our agreed upon components. Once again, these components are listed at [2] and repeated here: * Vulnerability Detection Data Repository * Vulnerability Assessor * Endpoint Repository * Collector * Target Endpoint * Assessment Results Repository We need to drive this to some conclusion relatively quickly. If you have or know of components filling these roles, please respond by the end of this week. Note that the target endpoint component will likely be determined based on which real-world vulnerability(ies) we choose to deal with as part of this exercise. Kind regards, Adam [1] https://mailarchive.ietf.org/arch/msg/sacm/LskQ7tj9Wvy1-0DSlEN_VakYj64 [2] https://mailarchive.ietf.org/arch/msg/sacm/w_kL2vzDBPk0NN9N1WQcpb3Qwfw
- [sacm] Identifying Vulnerability Assessment Code Adam Montville
- Re: [sacm] Identifying Vulnerability Assessment C… Banghart, Stephen A. (Fed)
- Re: [sacm] Identifying Vulnerability Assessment C… Adam Montville
- Re: [sacm] Identifying Vulnerability Assessment C… Bill Munyan
- Re: [sacm] Identifying Vulnerability Assessment C… Adam Montville
- Re: [sacm] Identifying Vulnerability Assessment C… Adam Montville
- Re: [sacm] Identifying Vulnerability Assessment C… Waltermire, David A. (Fed)
- Re: [sacm] Identifying Vulnerability Assessment C… Adam Montville