Re: [scap_interest] The Context Concept
"Chernin, Michael A." <mchernin@dtcc.com> Tue, 21 February 2012 14:47 UTC
Return-Path: <mchernin@dtcc.com>
X-Original-To: scap_interest@ietfa.amsl.com
Delivered-To: scap_interest@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86C5C21F8846 for <scap_interest@ietfa.amsl.com>; Tue, 21 Feb 2012 06:47:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.298
X-Spam-Level:
X-Spam-Status: No, score=-1.298 tagged_above=-999 required=5 tests=[AWL=-1.300, BAYES_50=0.001, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p4OFlHz+OZLI for <scap_interest@ietfa.amsl.com>; Tue, 21 Feb 2012 06:47:41 -0800 (PST)
Received: from sxinet05.dtcc.com (sxinet05.dtcc.com [207.45.45.43]) by ietfa.amsl.com (Postfix) with ESMTP id 2CBDA21F8839 for <scap_interest@ietf.org>; Tue, 21 Feb 2012 06:47:40 -0800 (PST)
From: "Chernin, Michael A." <mchernin@dtcc.com>
To: Jerome Athias <jerome@netpeas.com>, "scap_interest@ietf.org" <scap_interest@ietf.org>
Thread-Topic: [scap_interest] The Context Concept
Thread-Index: AQHM7nAFrHDsBsmsRUe1Vk5cYawuopZHb04Q
Date: Tue, 21 Feb 2012 14:47:30 +0000
Message-ID: <E3EFB6C0D90F82478AF227AA85ECF38015AE1F55@SXEMBP01.corp.dtcc.com>
References: <4F3FF5E2.2080901@netpeas.com>
In-Reply-To: <4F3FF5E2.2080901@netpeas.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.18.113.13]
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="_000_E3EFB6C0D90F82478AF227AA85ECF38015AE1F55SXEMBP01corpdtc_"
Subject: Re: [scap_interest] The Context Concept
X-BeenThere: scap_interest@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion List for IETFers interested in the Security Content Automation Protocol \(SCAP\)." <scap_interest.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/scap_interest>
List-Post: <mailto:scap_interest@ietf.org>
List-Help: <mailto:scap_interest-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Feb 2012 14:47:46 -0000
I agree that when dealing with "threats" that context matters. However, vulnerabilities alone do not imply or guarantee there is an associated threat or risk. In my perfect world there would be a threat indicator standard that links to a structured threat standard that then could describe the CVEs used. This would allow us to continue doing vulnerability management by exposure (no threat context) or by specific threat (which provides context). Aharon DTCC Non-Confidential (White) --------------------------------------------------- Michael "Aharon" Chernin Security Automation Program Manager Corporate Information Security -Depository Trust & Clearing Corporation O: 813-470-2173 From: scap_interest-bounces@ietf.org [mailto:scap_interest-bounces@ietf.org] On Behalf Of Jerome Athias Sent: Saturday, February 18, 2012 2:03 PM To: scap_interest@ietf.org Subject: [scap_interest] The Context Concept In a private discussion I had at ToorCon 9, with Matt Miller (skape); we came to the conclusion that a key (and unresolved) point of automation is the (automatic) definition of the Context in which you are where dealing with a vulnerability (threat). It was also identified (validated?), and introduced by Druid. And then, the Druid's work was related (validated?) at FRHACK 01 by Rodrigo Branco (bsdaemon). Situation awareness (http://en.wikipedia.org/wiki/Situation_awareness) should be taken into account. Maybe search for "military situational awareness". My 2 dirhams /JA <BR>_____________________________________________________________ <FONT size=2><BR> DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.</FONT>
- [scap_interest] The Context Concept Jerome Athias
- Re: [scap_interest] The Context Concept Adam Montville
- Re: [scap_interest] The Context Concept Chernin, Michael A.
- Re: [scap_interest] The Context Concept Luis Nunez
- Re: [scap_interest] The Context Concept Waltermire, David A.
- Re: [scap_interest] The Context Concept Adam Montville
- Re: [scap_interest] The Context Concept David Solin