Re: [sacm] Components for Vulnerability Assessment

Adam Montville <adam.w.montville@gmail.com> Fri, 21 April 2017 13:01 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/u2cppct5RgwnOdfQoZnlkMN7t2w>

Hello Everyone,

After some discussion on this topic, I feel like we've got no real
objection to this proposed list of components. As such, this brings us back
to the second version of the sequence diagram that some of us were working
with not too long ago (see attached PDF vector diagram).

Given that set of components, we can now start talking about the expected
communications between them in an ideal case through the system. Remember
that the VDI (vulnerability information) is assumed to have been
transformed and placed into the VDD (vulnerability detection) Repository.
I've numbered the flows in the attached sequence diagram to show the
proposed order and so that we can talk about each flow by that number.

Does this flow feel right to everyone on the list? What needs to be
different? What alternate flows may exist for the basic case of checking
inventory against a new vulnerability?

Let's carry this discussion on for a week or so. (Do we need longer?)

Kind regards,

Adam

On Tue, Apr 18, 2017 at 8:03 AM Adam Montville <adam.w.montville@gmail.com>
wrote:

> Hi All:
>
> We've got a list of components we think we care about for our
> vulnerability assessment scenario (focusing on the narrowest "ideal case"
> through the scenario for the time being).
>
> These are:
>
> * Vulnerability Detection Data Repository
> * Vulnerability Assessor
> * Endpoint Repository
> * Collector
> * Target Endpoint
> * Assessment Results Repository
>
> For reference, see our wiki [1] and/or the slides from IETF 98 [2] and/or
> the minutes from IETF 98 [3].
>
> Question to the WG: Is this an appropriate initial list of components?
>
> Please opine within the next few days (say by end of your day on Thursday,
> wherever you may be), so that we can generate some momentum on this effort.
>
> Kind regards,
>
> Adam
>
> [1]
> https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario
> [2]
> https://www.ietf.org/proceedings/98/slides/slides-98-sacm-vulnerability-scenario-discussion-00.pdf
>
> [3] https://www.ietf.org/proceedings/98/minutes/minutes-98-sacm-00.txt