Re: [sacm] Component Communication Sequence (Was - Re: Components for Vulnerability Assessment)
Adam Montville <adam.w.montville@gmail.com> Mon, 22 May 2017 18:30 UTC
Return-Path: <adam.w.montville@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 784711286D6 for <sacm@ietfa.amsl.com>; Mon, 22 May 2017 11:30:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u6u4x_iqbfgX for <sacm@ietfa.amsl.com>; Mon, 22 May 2017 11:30:37 -0700 (PDT)
Received: from mail-io0-x22e.google.com (mail-io0-x22e.google.com [IPv6:2607:f8b0:4001:c06::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85A03127B5A for <sacm@ietf.org>; Mon, 22 May 2017 11:30:37 -0700 (PDT)
Received: by mail-io0-x22e.google.com with SMTP id o12so87141466iod.3 for <sacm@ietf.org>; Mon, 22 May 2017 11:30:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=zwBsvgueDvQiRPIvRcPsLuUk1dLgcVJNdQ2CdxSqHdk=; b=cRz3d5F4xr8oDiel5UGq8xQ/J15To/9DlXQh+Ivx9EEOYSrw3laoX6Ny9kIZK+Fggn qjXQQNS/4AypTC4FneItv17WYMbRFRAnh42Ks1lmYRw2IwUuVZZ8n5rtPyuiwa7Jp16r nQkszn8x6xfbJSdj/HQ8DJ9AxFrP0rXjd8s+W8irEqfbmZRIiygdGHV+UIobYUpesrSY 9crctB4zLu9N5TwmhlTMjjP/T44dfaTbHcqqpuJbxvxo5RDDXBgxFuWQq6nQWxflqi/i 2XcrbYJkQjjm+RInmDeJGLlqOMIkyf8uSai1LYRFYXUNdtn8LIqtVJqRogjrHeJSwL7h gAXA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=zwBsvgueDvQiRPIvRcPsLuUk1dLgcVJNdQ2CdxSqHdk=; b=DbTAxsSLLCXF63Fkuh3jIUqGwq8dca+kzgQmcxEJWgWnWb4o/5tU+9FKCh0MB3z1qZ Frlo4UD5rGHAFkcP+4wqjSXIMlSTnKf8hHYBvbb5L/2GbJ3JqizB32j5oI9BqbhSV87X CMBtq3TEC4O3oCTNYSFtbsIchNb77NeZyiLAGB8TpBPoQ8+9o3pvMSD1RbWJItsCYI5N 29MS8MCY4GwySUkkalxyh6gwzXp0m5ZmemRIRzHqKSsdA8UTVDphRqB468UFGjL3YoGl ol8P2xdybWvqvfilTai341CogsS+Nb9xJCRsN57mqkXaeFAsrXxF1vGqLVPVEYVYnAow VrXA==
X-Gm-Message-State: AODbwcAAkxl/YMO/cj76uQt87MNVFToZJNpsjIinw65GAG4mtd+NmpDA okVxB54TWwrCCWxeDu/A9z/LpvSllg==
X-Received: by 10.107.176.131 with SMTP id z125mr22749875ioe.161.1495477836806; Mon, 22 May 2017 11:30:36 -0700 (PDT)
MIME-Version: 1.0
References: <CACknUNUNhCCV8LRDpjEm1SvgwpLq+NEEDbc3LOPYzMyRbmfy9w@mail.gmail.com> <CACknUNXtxuHKcO35vzNR79m--UfNP4E5tRMSFr=WXJpbdQOCrw@mail.gmail.com> <CACknUNW9A0dttxjzAymS0CqN3eF7z63GyCecnn4y6QMUcpgt3g@mail.gmail.com> <iFofHfKOzZW3sMvsW6tHUfYfKDFhsCCGQRNwrebcrYJ3xzGcxK4p-2EYUTVnZgD9VjwIqqWGlpqreM0LVVMVy3QTq9Pc6PXAyxQLgOX5kSU=@protonmail.com> <CACknUNXFNPu+SRbGwP0zdr-GQQ8fvyFkfq-E2sMC2uKM1tVOpA@mail.gmail.com> <DM5PR09MB13549D43EE6B18208C39FCF6A5E70@DM5PR09MB1354.namprd09.prod.outlook.com> <CACknUNW7+y6c93y5UNgEVs69sdf6PK7rRpHw-F7GhFanZCFXFQ@mail.gmail.com> <DM5PR09MB1354DE08127393031FFC9F86A5E50@DM5PR09MB1354.namprd09.prod.outlook.com> <DM5PR09MB135448EED5B0AF26E47C0BC1A5F80@DM5PR09MB1354.namprd09.prod.outlook.com> <HbfjgMpKY3q_sRP640Hqfw-L5oZiPnlKCBMq5Fyw9eEIpu4wODdzDfuk2quuH5vSBwkU3GaBA_ZbF_cFuLDkYrEW7bmFpyrWwIF_16Ulm_8=@protonmail.com>
In-Reply-To: <HbfjgMpKY3q_sRP640Hqfw-L5oZiPnlKCBMq5Fyw9eEIpu4wODdzDfuk2quuH5vSBwkU3GaBA_ZbF_cFuLDkYrEW7bmFpyrWwIF_16Ulm_8=@protonmail.com>
From: Adam Montville <adam.w.montville@gmail.com>
Date: Mon, 22 May 2017 18:30:26 +0000
Message-ID: <CACknUNXhtV5S+Emc4W_C3RG9nGs7oyditH3Q1xFwRcukSGW6iw@mail.gmail.com>
To: Jerome Athias <jerome.athias@protonmail.com>, "Haynes, Dan" <dhaynes@mitre.org>
Cc: "sacm@ietf.org" <sacm@ietf.org>
Content-Type: multipart/alternative; boundary="001a114532ba3b7fe90550211132"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/oS7LECgEPRAL-KIexIKuBmA04lg>
Subject: Re: [sacm] Component Communication Sequence (Was - Re: Components for Vulnerability Assessment)
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 May 2017 18:30:39 -0000
Great, thanks! On Mon, May 22, 2017 at 12:35 PM Jerome Athias <jerome.athias@protonmail.com> wrote: > That looks like reasonable to me. > > Thank you > > > > -------- Original Message -------- > Subject: Re: [sacm] Component Communication Sequence (Was - Re: Components > for Vulnerability Assessment) > Local Time: May 22, 2017 8:24 PM > UTC Time: May 22, 2017 5:24 PM > From: dhaynes@mitre.org > To: "Haynes, Dan" <dhaynes@mitre.org>, Adam Montville < > adam.w.montville@gmail.com>, Jerome Athias <jerome.athias@protonmail.com> > sacm@ietf.org <sacm@ietf.org> > > > I just updated the “Vulnerability Description Information” section in the > Vulnerability Assessment Scenario wiki [1] to include the following > statement. > > > > “The enterprise is responsible for determining the sources of > vulnerability description information as well as which vulnerability > description information is converted into vulnerability detection data.” > > > > Jerome, I think this should address your comment about giving the > enterprise the flexibility to determine which of the vulnerability > description information is converted into vulnerability detection data. Let > me know if it is missing anything or if there is anything that could be > improved. > > > > Thanks, > > Danny > > > > [1] > https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario > > > >
- Re: [sacm] Components for Vulnerability Assessment Henk Birkholz
- [sacm] Components for Vulnerability Assessment Adam Montville
- Re: [sacm] Components for Vulnerability Assessment Haynes, Dan
- Re: [sacm] Components for Vulnerability Assessment Haynes, Dan
- Re: [sacm] Components for Vulnerability Assessment Adam Montville
- Re: [sacm] Components for Vulnerability Assessment Carl-Heinz Genzel
- Re: [sacm] Components for Vulnerability Assessment Muhammad Nasir Mumtaz Bhutta
- Re: [sacm] Components for Vulnerability Assessment Haynes, Dan
- Re: [sacm] Components for Vulnerability Assessment Haynes, Dan
- Re: [sacm] Components for Vulnerability Assessment Adam Montville
- Re: [sacm] Components for Vulnerability Assessment Adam Montville
- Re: [sacm] Components for Vulnerability Assessment Adam Montville
- [sacm] Component Communication Sequence (Was - Re… Adam Montville
- Re: [sacm] Component Communication Sequence (Was … Jerome Athias
- Re: [sacm] Component Communication Sequence (Was … Adam Montville
- Re: [sacm] Component Communication Sequence (Was … Haynes, Dan
- Re: [sacm] Component Communication Sequence (Was … Adam Montville
- Re: [sacm] Component Communication Sequence (Was … Haynes, Dan
- Re: [sacm] Component Communication Sequence (Was … Haynes, Dan
- Re: [sacm] Component Communication Sequence (Was … Jerome Athias
- Re: [sacm] Component Communication Sequence (Was … Adam Montville