Re: [scap_interest] Operational Aspects

<Kent_Landfield@McAfee.com> Thu, 16 February 2012 18:47 UTC

Return-Path: <Kent_Landfield@mcafee.com>
X-Original-To: scap_interest@ietfa.amsl.com
Delivered-To: scap_interest@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9940711E80A4 for <scap_interest@ietfa.amsl.com>; Thu, 16 Feb 2012 10:47:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pcztFqYMeRrw for <scap_interest@ietfa.amsl.com>; Thu, 16 Feb 2012 10:47:46 -0800 (PST)
Received: from dalsmrelay2.nai.com (dalsmrelay2.nai.com [205.227.136.216]) by ietfa.amsl.com (Postfix) with ESMTP id C1C0311E80A1 for <scap_interest@ietf.org>; Thu, 16 Feb 2012 10:47:42 -0800 (PST)
Received: from (unknown [10.64.5.52]) by dalsmrelay2.nai.com with smtp id 5339_1183_ac632a8e_58ce_11e1_90a8_00219b929abd; Thu, 16 Feb 2012 12:47:27 -0600
Received: from AMERDALEXMB1.corp.nai.org ([fe80::387d:3d79:ad3b:b517]) by DALEXHT2.corp.nai.org ([::1]) with mapi; Thu, 16 Feb 2012 12:46:35 -0600
From: <Kent_Landfield@McAfee.com>
To: <lnunez@c3isecurity.com>, <amontville@tripwire.com>
Date: Thu, 16 Feb 2012 12:46:19 -0600
Thread-Topic: [scap_interest] Operational Aspects
Thread-Index: Aczs204LFubBjEhLRMKT19y1f00Xdg==
Message-ID: <CB62A117.2C9E8%kent_landfield@mcafee.com>
In-Reply-To: <27F65864-3773-40C9-BB6F-8909CB0E94AD@c3isecurity.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.14.0.111121
acceptlanguage: en-US
Content-Type: multipart/mixed; boundary="_004_CB62A1172C9E8kentlandfieldmcafeecom_"
MIME-Version: 1.0
Cc: scap_interest@ietf.org
Subject: Re: [scap_interest] Operational Aspects
X-BeenThere: scap_interest@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion List for IETFers interested in the Security Content Automation Protocol \(SCAP\)." <scap_interest.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/scap_interest>
List-Post: <mailto:scap_interest@ietf.org>
List-Help: <mailto:scap_interest-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Feb 2012 18:47:47 -0000

I see the topic of Content Repository interfaces as very important item that really should be worked here.  We have been talking about this topic for over two years now as you both are aware.  I am including the presentation that was given at SCAP Winter Developer Days last March that may help frame the issues.

Kent Landfield
Director Content Strategy, Architecture and Standards

McAfee | An Intel Company
5000 Headquarters Dr.
Plano, Texas 75024

Direct: +1.972.963.7096
Mobile: +1.817.637.8026
Web: www.mcafee.com<http://www.mcafee.com/>

From: Luis Nunez <lnunez@c3isecurity.com<mailto:lnunez@c3isecurity.com>>
Date: Thu, 16 Feb 2012 11:54:21 -0600
To: Adam Montville <amontville@tripwire.com<mailto:amontville@tripwire.com>>
Cc: Kent Landfield <kent_landfield@mcafee.com<mailto:kent_landfield@mcafee.com>>, "scap_interest@ietf.org<mailto:scap_interest@ietf.org>" <scap_interest@ietf.org<mailto:scap_interest@ietf.org>>
Subject: Re: [scap_interest] Operational Aspects

Since you mentioned "NVD" also known as the National Vulnerability Database.  I think at some point the IETF will be helpful in creating a protocol to communicate with these content repositories.  Last I counted was 7 content repositories.
In no particular order and I am sure there are more out there.

-SecPod
-Novell
-NVD
-IT Security Database
-Debian
-Altx-soft

-ln


On Feb 14, 2012, at 5:18 PM, Adam Montville wrote:

Fair enough.  Just throwing things against the wall as they come to mind.
Adam
From: kent_landfield <kent_landfield@mcafee.com<mailto:kent_landfield@mcafee.com><mailto:kent_landfield@mcafee.com>>
Date: Tue, 14 Feb 2012 15:32:38 -0600
To: Adam Montville <amontville@tripwire.com<mailto:amontville@tripwire.com><mailto:amontville@tripwire.com>>, <scap_interest@ietf.org<mailto:scap_interest@ietf.org><mailto:scap_interest@ietf.org>>
Subject: Re: [scap_interest] Operational Aspects
Adam,
We have more than enough on our plate with the specification / I-D work.  Let's see if we can deal with this in a more appropriate forum. I do not see this as that forum.  My 2cents…
Thanks.
Kent Landfield
Director Content Strategy, Architecture and Standards
McAfee | An Intel Company
5000 Headquarters Dr.
Plano, Texas 75024
Direct: +1.972.963.7096
Mobile: +1.817.637.8026
Web: www.mcafee.com<http://www.mcafee.com/>
From: Adam Montville <amontville@tripwire.com<mailto:amontville@tripwire.com><mailto:amontville@tripwire.com>>
Date: Tue, 14 Feb 2012 15:12:51 -0600
To: "scap_interest@ietf.org<mailto:scap_interest@ietf.org><mailto:scap_interest@ietf.org>" <scap_interest@ietf.org<mailto:scap_interest@ietf.org><mailto:scap_interest@ietf.org>>
Subject: [scap_interest] Operational Aspects
While we're all bantering about on security automation, there's another side to the story.  Are there any operational concerns we might address within a WG should one be formed?  For example, we have, in the United States, NVD hosting a repository of information.  CCE identifiers are moderated and assigned by an operational process.  As new enumerations are published and new types of content are conceived, it's easy to imagine the need for some operational standardization.
Should we consider standardizing some of these processes, and if so would the WG we seek to establish be the appropriate place for that work?
Regards,
Adam W. Montville | Security and Compliance Architect
Direct: 503 276-7661
Mobile: 360 471-7815
TRIPWIRE | Take CONTROL
http://www.tripwire.com
_______________________________________________
scap_interest mailing list
scap_interest@ietf.org<mailto:scap_interest@ietf.org><mailto:scap_interest@ietf.org>
https://www.ietf.org/mailman/listinfo/scap_interest
_______________________________________________
scap_interest mailing list
scap_interest@ietf.org<mailto:scap_interest@ietf.org>
https://www.ietf.org/mailman/listinfo/scap_interest