Re: [scap_interest] Operational Aspects

<> Tue, 14 February 2012 21:34 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id F338221E801D for <>; Tue, 14 Feb 2012 13:34:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 8AdjkyprJgmS for <>; Tue, 14 Feb 2012 13:34:08 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 617DC21F8575 for <>; Tue, 14 Feb 2012 13:33:36 -0800 (PST)
Received: from (unknown []) by with smtp id 023d_6acb_8a4fbce0_5753_11e1_b9f8_00219b929abd; Tue, 14 Feb 2012 15:33:31 -0600
Received: from ([fe80::387d:3d79:ad3b:b517]) by ([::1]) with mapi; Tue, 14 Feb 2012 15:32:06 -0600
Date: Tue, 14 Feb 2012 15:32:38 -0600
Thread-Topic: [scap_interest] Operational Aspects
Thread-Index: AczrYBjlQyR9g0QLSw2SR2ATX9Tszg==
Message-ID: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_CB602E892C54Fkentlandfieldmcafeecom_"
MIME-Version: 1.0
Subject: Re: [scap_interest] Operational Aspects
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion List for IETFers interested in the Security Content Automation Protocol \(SCAP\)." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 14 Feb 2012 21:34:09 -0000


We have more than enough on our plate with the specification / I-D work.  Let's see if we can deal with this in a more appropriate forum. I do not see this as that forum.  My 2cents…


Kent Landfield
Director Content Strategy, Architecture and Standards

McAfee | An Intel Company
5000 Headquarters Dr.
Plano, Texas 75024

Direct: +1.972.963.7096
Mobile: +1.817.637.8026

From: Adam Montville <<>>
Date: Tue, 14 Feb 2012 15:12:51 -0600
To: "<>" <<>>
Subject: [scap_interest] Operational Aspects

While we're all bantering about on security automation, there's another side to the story.  Are there any operational concerns we might address within a WG should one be formed?  For example, we have, in the United States, NVD hosting a repository of information.  CCE identifiers are moderated and assigned by an operational process.  As new enumerations are published and new types of content are conceived, it's easy to imagine the need for some operational standardization.

Should we consider standardizing some of these processes, and if so would the WG we seek to establish be the appropriate place for that work?


Adam W. Montville | Security and Compliance Architect

Direct: 503 276-7661
Mobile: 360 471-7815


scap_interest mailing list<>