Re: [scap_interest] Software Vulnerability Mitigation Automation - IVIL v1.0
Luis Nunez <lnunez@c3isecurity.com> Fri, 17 February 2012 16:38 UTC
I certainly see this theme of "information sharing" and "standards" emanating from US politics. I am sure similar issues are being debated elsewhere globally. Thanks for providing the snapshot of the intricacies of security information. I wanted to emphasize some of the problems we are trying to solve here. We are trying to solve the problem of communicating and connecting the dots all in a cooperative and cohesive way. So it starts with standardizing the Security Automation specifications. I look forward to seeing more of the "vulnerability interoperability" proposal.

Thanks.
-ln

On Feb 15, 2012, at 8:11 PM, Jerome Athias wrote:

> As mentioned in the U.S. "INTERNATIONAL STRATEGY FOR CYBERSPACE"[1] document,
> we need "interoperable and secure technical standards, determined by technical experts".
>
> I would like to introduce my vision of "Software Vulnerability Mitigation Automation"
> via IVIL v1.0 via an (incomplete) Conceptual Map.
>
> Requirements: ~15 minutes of your time, a headset and the Boléro
>
> https://corevidence.com/research/vulnerability_interoperability_ivil_v1.jpg
>
> (I extracted some links, please see below)
>
> i = x2ivil + ivil2x
> where "i" is interoperability and "x" a software (vulnerability scanner,... + waf, virtual patching system, ...)
>
> What do you think?
>
> Thank you.
> Best regards,
>
> Jerome Athias - NETpeas
> VP, Director of Software Engineer
> Palo Alto - Paris - Casablanca
> http://www.netpeas.com
>
> "The computer security is an art form. It's the ultimate martial art."
>
> [1] http://www.whitehouse.gov/blog/2011/05/16/launching-us-international-strategy-cyberspace
> IVIL-XML http://www.cupfighter.net/index.php/2010/10/ivil-an-xml-schema-to-exchange-vulnerability-information/
> ThreadFix http://code.google.com/p/threadfix/