IETF Logo Mail Archive

[sacm] Components for Vulnerability Assessment

Adam Montville <adam.w.montville@gmail.com> Tue, 18 April 2017 13:04 UTC

Return-Path: <adam.w.montville@gmail.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADC2F12EB9C for <sacm@ietfa.amsl.com>; Tue, 18 Apr 2017 06:04:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aRCzvzwPHHLT for <sacm@ietfa.amsl.com>; Tue, 18 Apr 2017 06:04:07 -0700 (PDT)
Received: from mail-io0-x234.google.com (mail-io0-x234.google.com [IPv6:2607:f8b0:4001:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C3861274D0 for <sacm@ietf.org>; Tue, 18 Apr 2017 06:04:07 -0700 (PDT)
Received: by mail-io0-x234.google.com with SMTP id a103so190470505ioj.1 for <sacm@ietf.org>; Tue, 18 Apr 2017 06:04:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=jfGYbXyBAwjDfYuxesoLAg8Q8NJTb5JSWp4rIzLyfcM=; b=BNbnJw3ZpLEg9mu8x3X0Zbt1X/SL+yagCgKCmhnYJHc0ulPUclvtvo6UrnZNRedfj4 Pd/40CNuUqg033LUmG025wUUyeeSGV849eJYXfbKRHknVjjM50abZi07WEFN6GMi5wQB hkEUlCCsyrsLYFmlEgjJhWPNRzlRODzmAsQjYO3L2qSHdf2ILwCCax/PR1skXPRoo9SU 0G4xgqOC6U4sYnJ3BTChY2yUiXGuNjlC/oZ5eNpvpreZGcJxQxJmY8pzCXtGEliF4wAu /uKbk3PH5fi1OoyvDD5CW0EejpxhvZnUcVC7RI2a8dVbqLWDY86WDcH5CNnFDZOdl09l t6Bw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=jfGYbXyBAwjDfYuxesoLAg8Q8NJTb5JSWp4rIzLyfcM=; b=ahqxOqD+ma4uYPHA1oVMy+7/X9W2eRs/5l8LLA5JWTCXYzviJzGE/2Hdo7zKfgJNKy bmt9Ub/7eItyTAmEGWGB9EA4rZojeXMzNXmU+GIfPOy09xoWhRzvER4sBYEf7KE8o8sI MNImZMitpInbZyfSFVxuBbh/WwAV3uYGteOQu2jsKhk8XO2CHck/WgTfsyYaQGSnc/nq 43LLt0RTj5b5m0ajxoIBbd7Nx7d8icN+dBQEB0LrZssHqRDqxZuoOr0y8xvjqoZUdYkB aWokdLzoBKl5rfqzSHXhzTza+Ro4f7R432kigC9/4nt7vaYE4Qii/xUxLdeuVMdkfjJ2 Wy8w==
X-Gm-Message-State: AN3rC/5mZjogOt/cdeMsI11qpwskFBzNB/dEuXj4VRnOydtodYMafGyi rpgBDQgjmZGVmE4EuUwcSv0J8W/SIY6l
X-Received: by 10.107.53.196 with SMTP id k65mr8988880ioo.106.1492520645978; Tue, 18 Apr 2017 06:04:05 -0700 (PDT)
MIME-Version: 1.0
From: Adam Montville <adam.w.montville@gmail.com>
Date: Tue, 18 Apr 2017 13:03:55 +0000
Message-ID: <CACknUNUNhCCV8LRDpjEm1SvgwpLq+NEEDbc3LOPYzMyRbmfy9w@mail.gmail.com>
To: "sacm@ietf.org" <sacm@ietf.org>
Content-Type: multipart/alternative; boundary="001a11449722eca271054d708adb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/w_kL2vzDBPk0NN9N1WQcpb3Qwfw>
Subject: [sacm] Components for Vulnerability Assessment
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Apr 2017 13:04:09 -0000

Hi All:

We've got a list of components we think we care about for our vulnerability
assessment scenario (focusing on the narrowest "ideal case" through the
scenario for the time being.

These are:

* Vulnerability Detection Data Repository
* Vulnerability Assessor
* Endpoint Repository
* Collector
* Target Endpoint
* Assessment Results Repository

For reference, see our wiki [1] and/or the slides from IETF 98 [2] and/or
the minutes from IETF 98 [3]

Question to the WG: Is this an appropriate initial list of components?

Please opine within the next few days (say by end of your day on Thursday,
wherever you may be), so that we can generate some momentum on this effort.

Kind regards,

Adam

[1] https://trac.ietf.org/trac/sacm/wiki/SacmVulnerabilityAssessmentScenario

[2]
https://www.ietf.org/proceedings/98/slides/slides-98-sacm-vulnerability-scenario-discussion-00.pdf

[3] https://www.ietf.org/proceedings/98/minutes/minutes-98-sacm-00.txt

v2.23.0 | Report a Bug | By Email