Re: [scap_interest] Operational Aspects
Adam Montville <amontville@tripwire.com> Thu, 16 February 2012 23:43 UTC
Return-Path: <amontville@tripwire.com>
X-Original-To: scap_interest@ietfa.amsl.com
Delivered-To: scap_interest@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1445021E804B for <scap_interest@ietfa.amsl.com>; Thu, 16 Feb 2012 15:43:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.256
X-Spam-Level:
X-Spam-Status: No, score=-4.256 tagged_above=-999 required=5 tests=[AWL=-0.657, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u4vQfAaJC27v for <scap_interest@ietfa.amsl.com>; Thu, 16 Feb 2012 15:43:48 -0800 (PST)
Received: from ch1outboundpool.messaging.microsoft.com (ch1ehsobe003.messaging.microsoft.com [216.32.181.183]) by ietfa.amsl.com (Postfix) with ESMTP id BF61C21E8050 for <scap_interest@ietf.org>; Thu, 16 Feb 2012 15:43:47 -0800 (PST)
Received: from mail79-ch1-R.bigfish.com (10.43.68.239) by CH1EHSOBE008.bigfish.com (10.43.70.58) with Microsoft SMTP Server id 14.1.225.23; Thu, 16 Feb 2012 23:43:47 +0000
Received: from mail79-ch1 (localhost [127.0.0.1]) by mail79-ch1-R.bigfish.com (Postfix) with ESMTP id DF16E4E03A9; Thu, 16 Feb 2012 23:43:46 +0000 (UTC)
X-SpamScore: -38
X-BigFish: VPS-38(zzbb2dI9371I9f17R98dKzz1202hzz1033IL8275bh8275dh5eeeKz2dh2a8h668h839h946h)
X-Forefront-Antispam-Report: CIP:174.47.84.216; KIP:(null); UIP:(null); IPV:NLI; H:PDXHB01.tripwire.com; RD:174-47-84-216.static.twtelecom.net; EFVD:NLI
Received: from mail79-ch1 (localhost.localdomain [127.0.0.1]) by mail79-ch1 (MessageSwitch) id 1329435825655184_14217; Thu, 16 Feb 2012 23:43:45 +0000 (UTC)
Received: from CH1EHSMHS029.bigfish.com (snatpool2.int.messaging.microsoft.com [10.43.68.237]) by mail79-ch1.bigfish.com (Postfix) with ESMTP id 9BB3B16004C; Thu, 16 Feb 2012 23:43:45 +0000 (UTC)
Received: from PDXHB01.tripwire.com (174.47.84.216) by CH1EHSMHS029.bigfish.com (10.43.70.29) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 16 Feb 2012 23:43:44 +0000
Received: from PDXHB01.tripwire.com (172.30.0.53) by PDXED01.tripwire.com (192.168.192.5) with Microsoft SMTP Server (TLS) id 14.1.355.2; Thu, 16 Feb 2012 15:52:27 -0800
Received: from PDXMB02.tripwire.com ([fe80::f997:7b65:8e64:438e]) by PDXHB01.tripwire.com ([fe80::d495:98d2:7df4:2154%11]) with mapi id 14.01.0355.002; Thu, 16 Feb 2012 15:43:43 -0800
From: Adam Montville <amontville@tripwire.com>
To: "Waltermire, David A." <david.waltermire@nist.gov>, kent_landfield <Kent_Landfield@McAfee.com>, "lnunez@c3isecurity.com" <lnunez@c3isecurity.com>
Thread-Topic: [scap_interest] Operational Aspects
Thread-Index: AQHM611pUdMxDo8SrEm/UADfFmLhZ5Y9b7oA//+GooCAA2EKgIAADoWAgAAEZwD//8iRAA==
Date: Thu, 16 Feb 2012 23:43:42 +0000
Message-ID: <CB62D49B.95A9%amontville@tripwire.com>
In-Reply-To: <D7A0423E5E193F40BE6E94126930C4930906BF334F@MBCLUSTER.xchange.nist.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.14.0.111121
x-originating-ip: [172.16.97.192]
x-exclaimer-md-config: 79afcaa7-fdf4-4fa6-abe0-afeaa4640a4f
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <5A788751442B594FA4DC19DFEC8BF30F@tripwire.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: tripwire.com
Cc: "scap_interest@ietf.org" <scap_interest@ietf.org>
Subject: Re: [scap_interest] Operational Aspects
X-BeenThere: scap_interest@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion List for IETFers interested in the Security Content Automation Protocol \(SCAP\)." <scap_interest.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/scap_interest>
List-Post: <mailto:scap_interest@ietf.org>
List-Help: <mailto:scap_interest-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Feb 2012 23:43:53 -0000
I'd like to contribute to this as well – as much as I can anyway. From: "Waltermire, David A." <david.waltermire@nist.gov<mailto:david.waltermire@nist.gov>> Date: Thu, 16 Feb 2012 14:02:04 -0500 To: kent_landfield <kent_landfield@mcafee.com<mailto:kent_landfield@mcafee.com>>, "lnunez@c3isecurity.com<mailto:lnunez@c3isecurity.com>" <lnunez@c3isecurity.com<mailto:lnunez@c3isecurity.com>>, Adam Montville <amontville@tripwire.com<mailto:amontville@tripwire.com>> Cc: "scap_interest@ietf.org<mailto:scap_interest@ietf.org>" <scap_interest@ietf.org<mailto:scap_interest@ietf.org>> Subject: RE: [scap_interest] Operational Aspects We are continuing to work on this and I am very interested in developing standards in this area. I am currently working on developing an open source prototype that can be used to evaluate standardized approaches to this problem. I haven’t published the latest code on this yet, but the original work we started can be found at: http://code.google.com/p/security-automation-content-repository/ The companion presentation to Kent’s from March can be found here: http://scap.nist.gov/events/2011/saddsp/presentations/Security_Automation_Content_Repository_Demo.pdf Dave From: scap_interest-bounces@ietf.org<mailto:scap_interest-bounces@ietf.org> [mailto:scap_interest-bounces@ietf.org] On Behalf Of Kent_Landfield@McAfee.com<mailto:Kent_Landfield@McAfee.com> Sent: Thursday, February 16, 2012 1:46 PM To: lnunez@c3isecurity.com<mailto:lnunez@c3isecurity.com>; amontville@tripwire.com<mailto:amontville@tripwire.com> Cc: scap_interest@ietf.org<mailto:scap_interest@ietf.org> Subject: Re: [scap_interest] Operational Aspects I see the topic of Content Repository interfaces as very important item that really should be worked here. We have been talking about this topic for over two years now as you both are aware. I am including the presentation that was given at SCAP Winter Developer Days last March that may help frame the issues. Kent Landfield Director Content Strategy, Architecture and Standards McAfee | An Intel Company 5000 Headquarters Dr. Plano, Texas 75024 Direct: +1.972.963.7096 Mobile: +1.817.637.8026 Web: www.mcafee.com<http://www.mcafee.com/> From: Luis Nunez <lnunez@c3isecurity.com<mailto:lnunez@c3isecurity.com>> Date: Thu, 16 Feb 2012 11:54:21 -0600 To: Adam Montville <amontville@tripwire.com<mailto:amontville@tripwire.com>> Cc: Kent Landfield <kent_landfield@mcafee.com<mailto:kent_landfield@mcafee.com>>, "scap_interest@ietf.org<mailto:scap_interest@ietf.org>" <scap_interest@ietf.org<mailto:scap_interest@ietf.org>> Subject: Re: [scap_interest] Operational Aspects Since you mentioned "NVD" also known as the National Vulnerability Database. I think at some point the IETF will be helpful in creating a protocol to communicate with these content repositories. Last I counted was 7 content repositories. In no particular order and I am sure there are more out there. -SecPod -Novell -NVD -IT Security Database -Debian -Altx-soft -ln On Feb 14, 2012, at 5:18 PM, Adam Montville wrote: Fair enough. Just throwing things against the wall as they come to mind. Adam From: kent_landfield <kent_landfield@mcafee.com<mailto:kent_landfield@mcafee.com><mailto:kent_landfield@mcafee.com><mailto:kent_landfield@mcafee.com%3e>> Date: Tue, 14 Feb 2012 15:32:38 -0600 To: Adam Montville <amontville@tripwire.com<mailto:amontville@tripwire.com><mailto:amontville@tripwire.com><mailto:amontville@tripwire.com%3e>>, <scap_interest@ietf.org<mailto:scap_interest@ietf.org><mailto:scap_interest@ietf.org><mailto:scap_interest@ietf.org%3e>> Subject: Re: [scap_interest] Operational Aspects Adam, We have more than enough on our plate with the specification / I-D work. Let's see if we can deal with this in a more appropriate forum. I do not see this as that forum. My 2cents… Thanks. Kent Landfield Director Content Strategy, Architecture and Standards McAfee | An Intel Company 5000 Headquarters Dr. Plano, Texas 75024 Direct: +1.972.963.7096 Mobile: +1.817.637.8026 Web: www.mcafee.com<http://www.mcafee.com/> From: Adam Montville <amontville@tripwire.com<mailto:amontville@tripwire.com><mailto:amontville@tripwire.com><mailto:amontville@tripwire.com%3e>> Date: Tue, 14 Feb 2012 15:12:51 -0600 To: "scap_interest@ietf.org<mailto:scap_interest@ietf.org><mailto:scap_interest@ietf.org><mailto:scap_interest@ietf.org%3e>" <scap_interest@ietf.org<mailto:scap_interest@ietf.org><mailto:scap_interest@ietf.org><mailto:scap_interest@ietf.org%3e>> Subject: [scap_interest] Operational Aspects While we're all bantering about on security automation, there's another side to the story. Are there any operational concerns we might address within a WG should one be formed? For example, we have, in the United States, NVD hosting a repository of information. CCE identifiers are moderated and assigned by an operational process. As new enumerations are published and new types of content are conceived, it's easy to imagine the need for some operational standardization. Should we consider standardizing some of these processes, and if so would the WG we seek to establish be the appropriate place for that work? Regards, Adam W. Montville | Security and Compliance Architect Direct: 503 276-7661 Mobile: 360 471-7815 TRIPWIRE | Take CONTROL http://www.tripwire.com _______________________________________________ scap_interest mailing list scap_interest@ietf.org<mailto:scap_interest@ietf.org><mailto:scap_interest@ietf.org> https://www.ietf.org/mailman/listinfo/scap_interest _______________________________________________ scap_interest mailing list scap_interest@ietf.org<mailto:scap_interest@ietf.org> https://www.ietf.org/mailman/listinfo/scap_interest ________________________________ No virus found in this message. Checked by AVG - www.avg.com<http://www.avg.com> Version: 2012.0.1913 / Virus Database: 2112/4813 - Release Date: 02/16/12
- [scap_interest] Operational Aspects Adam Montville
- Re: [scap_interest] Operational Aspects Kent_Landfield
- Re: [scap_interest] Operational Aspects Adam Montville
- Re: [scap_interest] Operational Aspects Luis Nunez
- Re: [scap_interest] Operational Aspects Adam Montville
- Re: [scap_interest] Operational Aspects Gunnar Engelbach
- Re: [scap_interest] Operational Aspects Kent_Landfield
- Re: [scap_interest] Operational Aspects Waltermire, David A.
- Re: [scap_interest] Operational Aspects Adam Montville
- Re: [scap_interest] Operational Aspects Waltermire, David A.
- Re: [scap_interest] Operational Aspects Chandrashekhar B
- Re: [scap_interest] Operational Aspects Jerome Athias