Re: [scap_interest] Operational Aspects

Adam Montville <amontville@tripwire.com> Thu, 16 February 2012 17:56 UTC

From: Adam Montville <amontville@tripwire.com>
To: Luis Nunez <lnunez@c3isecurity.com>
Date: Thu, 16 Feb 2012 17:56:22 +0000
Cc: "scap_interest@ietf.org" <scap_interest@ietf.org>
Subject: Re: [scap_interest] Operational Aspects

Red Hat might have one for their systems as well.

Also, I think that continuous monitoring has an important role to play
here with their content repository interface specifications.

Adam

On 2/16/12 9:54 AM, "Luis Nunez" <lnunez@c3isecurity.com> wrote:

>Since you mentioned "NVD", also known as the National Vulnerability
>Database, I think at some point the IETF will be helpful in creating a
>protocol to communicate with these content repositories.  Last I counted
>was 7 content repositories.
>In no particular order and I am sure there are more out there.
>
>-SecPod
>-Novell
>-NVD
>-IT Security Database
>-Debian 
>-Altx-soft
>
>-ln
>
>  
>On Feb 14, 2012, at 5:18 PM, Adam Montville wrote:
>
>> Fair enough.  Just throwing things against the wall as they come to
>>mind.
>> 
>> Adam
>> 
>> From: kent_landfield <kent_landfield@mcafee.com>
>> Date: Tue, 14 Feb 2012 15:32:38 -0600
>> To: Adam Montville <amontville@tripwire.com>, <scap_interest@ietf.org>
>> Subject: Re: [scap_interest] Operational Aspects
>> 
>> Adam,
>> 
>> We have more than enough on our plate with the specification / I-D
>>work.  Let's see if we can deal with this in a more appropriate forum. I
>>do not see this as that forum.  My 2cents...
>> 
>> Thanks.
>> 
>> Kent Landfield
>> Director Content Strategy, Architecture and Standards
>> 
>> McAfee | An Intel Company
>> 5000 Headquarters Dr.
>> Plano, Texas 75024
>> 
>> Direct: +1.972.963.7096
>> Mobile: +1.817.637.8026
>> Web: http://www.mcafee.com/
>> 
>> From: Adam Montville <amontville@tripwire.com>
>> Date: Tue, 14 Feb 2012 15:12:51 -0600
>> To: "scap_interest@ietf.org" <scap_interest@ietf.org>
>> Subject: [scap_interest] Operational Aspects
>> 
>> While we're all bantering about on security automation, there's another
>>side to the story.  Are there any operational concerns we might address
>>within a WG should one be formed?  For example, we have, in the United
>>States, NVD hosting a repository of information.  CCE identifiers are
>>moderated and assigned by an operational process.  As new enumerations
>>are published and new types of content are conceived, it's easy to
>>imagine the need for some operational standardization.
>> 
>> Should we consider standardizing some of these processes, and if so
>>would the WG we seek to establish be the appropriate place for that work?
>> 
>> Regards,
>> 
>> Adam W. Montville | Security and Compliance Architect
>> 
>> Direct: 503 276-7661
>> Mobile: 360 471-7815
>> 
>> TRIPWIRE | Take CONTROL
>> http://www.tripwire.com
>> 
>> _______________________________________________
>> scap_interest mailing list
>> scap_interest@ietf.org
>> https://www.ietf.org/mailman/listinfo/scap_interest
>> 
>
>