Re: [scap_interest] The Context Concept

Adam Montville <amontville@tripwire.com> Sat, 18 February 2012 19:34 UTC

From: Adam Montville <amontville@tripwire.com>
To: Jerome Athias <jerome@netpeas.com>, "scap_interest@ietf.org" <scap_interest@ietf.org>

The importance of context extends well beyond threats and vulnerabilities as well.

Regards,

Adam

Jerome Athias <jerome@netpeas.com> wrote:

In a private discussion I had at ToorCon 9 with Matt Miller (skape), we came to the conclusion that a key (and unresolved) point of automation is the (automatic) definition of the Context in which you are when dealing with a vulnerability (threat).
It was also identified (validated?), and introduced by Druid.
And then, the Druid's work was related (validated?) at FRHACK 01 by Rodrigo Branco (bsdaemon).

Situation awareness (http://en.wikipedia.org/wiki/Situation_awareness) should be taken into account.
Maybe search for "military situational awareness".

My 2 dirhams
/JA