Re: [scap_interest] Operational Aspects

"Chandrashekhar B" <bchandra@secpod.com> Fri, 17 February 2012 12:12 UTC

Return-Path: <bchandra@secpod.com>
X-Original-To: scap_interest@ietfa.amsl.com
Delivered-To: scap_interest@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10C7921F87E6 for <scap_interest@ietfa.amsl.com>; Fri, 17 Feb 2012 04:12:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2DX+48+tRyxu for <scap_interest@ietfa.amsl.com>; Fri, 17 Feb 2012 04:12:17 -0800 (PST)
Received: from cpanel23.interactivedns.com (cpanel23.interactivedns.com [184.173.122.2]) by ietfa.amsl.com (Postfix) with ESMTP id 71BDF21F87E7 for <scap_interest@ietf.org>; Fri, 17 Feb 2012 04:12:17 -0800 (PST)
Received: from [119.82.127.3] (port=1797 helo=hpPC) by cpanel23.interactivedns.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.69) (envelope-from <bchandra@secpod.com>) id 1RyMfc-0005mx-RI; Fri, 17 Feb 2012 17:42:14 +0530
From: Chandrashekhar B <bchandra@secpod.com>
To: "'Waltermire, David A.'" <david.waltermire@nist.gov>, Kent_Landfield@McAfee.com, lnunez@c3isecurity.com, amontville@tripwire.com
References: <27F65864-3773-40C9-BB6F-8909CB0E94AD@c3isecurity.com> <CB62A117.2C9E8%kent_landfield@mcafee.com> <D7A0423E5E193F40BE6E94126930C4930906BF334F@MBCLUSTER.xchange.nist.gov>
In-Reply-To: <D7A0423E5E193F40BE6E94126930C4930906BF334F@MBCLUSTER.xchange.nist.gov>
Date: Fri, 17 Feb 2012 17:42:02 +0530
Organization: SecPod Technologies
Message-ID: <000601cced6d$5f4a3a20$1ddeae60$@secpod.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01CCED9B.790F2050"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQI/+cM7jyCiCyFuoTNRH6o3ceD71wDg7nasActt4EWVRYL1EA==
Content-Language: en-us
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cpanel23.interactivedns.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - secpod.com
X-Source:
X-Source-Args:
X-Source-Dir:
Cc: scap_interest@ietf.org
Subject: Re: [scap_interest] Operational Aspects
X-BeenThere: scap_interest@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: bchandra@secpod.com
List-Id: "Discussion List for IETFers interested in the Security Content Automation Protocol \(SCAP\)." <scap_interest.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/scap_interest>
List-Post: <mailto:scap_interest@ietf.org>
List-Help: <mailto:scap_interest-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Feb 2012 12:12:21 -0000

I highlighted the interfaces to be standardized in the recent ITSAC,

 

http://scap.nist.gov/events/2011/itsac/presentations/day3/Basavanna%20-%20SC
AP%20Content%20Repository.pdf

 

Search interfaces for all SCAP elements need to be standardized along with
Client validation as Gunnar noted already. We currently have API's to do the
searches, we are considering giving an external interface through WSDL.

 

Chandra.

 

From: scap_interest-bounces@ietf.org [mailto:scap_interest-bounces@ietf.org]
On Behalf Of Waltermire, David A.
Sent: Friday, February 17, 2012 12:32 AM
To: Kent_Landfield@McAfee.com; lnunez@c3isecurity.com;
amontville@tripwire.com
Cc: scap_interest@ietf.org
Subject: Re: [scap_interest] Operational Aspects

 

We are continuing to work on this and I am very interested in developing
standards in this area.  I am currently working on developing an open source
prototype that can be used to evaluate standardized approaches to this
problem.  I haven't published the latest code on this yet, but the original
work we started can be found at:

 

http://code.google.com/p/security-automation-content-repository/

 

The companion presentation to Kent's from March can be found here:

 

http://scap.nist.gov/events/2011/saddsp/presentations/Security_Automation_Co
ntent_Repository_Demo.pdf

 

Dave

 

From: scap_interest-bounces@ietf.org [mailto:scap_interest-bounces@ietf.org]
On Behalf Of Kent_Landfield@McAfee.com
Sent: Thursday, February 16, 2012 1:46 PM
To: lnunez@c3isecurity.com; amontville@tripwire.com
Cc: scap_interest@ietf.org
Subject: Re: [scap_interest] Operational Aspects

 

I see the topic of Content Repository interfaces as very important item that
really should be worked here.  We have been talking about this topic for
over two years now as you both are aware.  I am including the presentation
that was given at SCAP Winter Developer Days last March that may help frame
the issues.   

 

Kent Landfield
Director Content Strategy, Architecture and Standards

McAfee | An Intel Company
5000 Headquarters Dr.
Plano, Texas 75024

Direct: +1.972.963.7096 
Mobile: +1.817.637.8026
Web: www.mcafee.com <http://www.mcafee.com/> 

 

From: Luis Nunez <lnunez@c3isecurity.com>
Date: Thu, 16 Feb 2012 11:54:21 -0600
To: Adam Montville <amontville@tripwire.com>
Cc: Kent Landfield <kent_landfield@mcafee.com>, "scap_interest@ietf.org"
<scap_interest@ietf.org>
Subject: Re: [scap_interest] Operational Aspects

 

Since you mentioned "NVD" also known as the National Vulnerability Database.
I think at some point the IETF will be helpful in creating a protocol to
communicate with these content repositories.  Last I counted was 7 content
repositories.

In no particular order and I am sure there are more out there.

 

-SecPod

-Novell

-NVD

-IT Security Database

-Debian 

-Altx-soft

 

-ln

 

  

On Feb 14, 2012, at 5:18 PM, Adam Montville wrote:

 

Fair enough.  Just throwing things against the wall as they come to mind.

Adam

From: kent_landfield
<kent_landfield@mcafee.com<mailto:kent_landfield@mcafee.com
<mailto:kent_landfield@mcafee.com%3e> >>

Date: Tue, 14 Feb 2012 15:32:38 -0600

To: Adam Montville <amontville@tripwire.com<mailto:amontville@tripwire.com
<mailto:amontville@tripwire.com%3e> >>,
<scap_interest@ietf.org<mailto:scap_interest@ietf.org
<mailto:scap_interest@ietf.org%3e> >>

Subject: Re: [scap_interest] Operational Aspects

Adam,

We have more than enough on our plate with the specification / I-D work.
Let's see if we can deal with this in a more appropriate forum. I do not see
this as that forum.  My 2cents.

Thanks.

Kent Landfield

Director Content Strategy, Architecture and Standards

McAfee | An Intel Company

5000 Headquarters Dr.

Plano, Texas 75024

Direct: +1.972.963.7096

Mobile: +1.817.637.8026

Web: www.mcafee.com<http://www.mcafee.com/>

From: Adam Montville <amontville@tripwire.com<mailto:amontville@tripwire.com
<mailto:amontville@tripwire.com%3e> >>

Date: Tue, 14 Feb 2012 15:12:51 -0600

To: "scap_interest@ietf.org<mailto:scap_interest@ietf.org
<mailto:scap_interest@ietf.org%3e> >"
<scap_interest@ietf.org<mailto:scap_interest@ietf.org
<mailto:scap_interest@ietf.org%3e> >>

Subject: [scap_interest] Operational Aspects

While we're all bantering about on security automation, there's another side
to the story.  Are there any operational concerns we might address within a
WG should one be formed?  For example, we have, in the United States, NVD
hosting a repository of information.  CCE identifiers are moderated and
assigned by an operational process.  As new enumerations are published and
new types of content are conceived, it's easy to imagine the need for some
operational standardization.

Should we consider standardizing some of these processes, and if so would
the WG we seek to establish be the appropriate place for that work?

Regards,

Adam W. Montville | Security and Compliance Architect

Direct: 503 276-7661

Mobile: 360 471-7815

TRIPWIRE | Take CONTROL

http://www.tripwire.com

_______________________________________________

scap_interest mailing list

scap_interest@ietf.org<mailto:scap_interest@ietf.org>

https://www.ietf.org/mailman/listinfo/scap_interest

_______________________________________________

scap_interest mailing list

scap_interest@ietf.org

https://www.ietf.org/mailman/listinfo/scap_interest

 

 

  _____  

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.1913 / Virus Database: 2112/4813 - Release Date: 02/16/12