Re: [scap_interest] The Context Concept

"Chernin, Michael A." <> Tue, 21 February 2012 14:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 86C5C21F8846 for <>; Tue, 21 Feb 2012 06:47:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.298
X-Spam-Status: No, score=-1.298 tagged_above=-999 required=5 tests=[AWL=-1.300, BAYES_50=0.001, HTML_MESSAGE=0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id p4OFlHz+OZLI for <>; Tue, 21 Feb 2012 06:47:41 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 2CBDA21F8839 for <>; Tue, 21 Feb 2012 06:47:40 -0800 (PST)
From: "Chernin, Michael A." <>
To: Jerome Athias <>, "" <>
Thread-Topic: [scap_interest] The Context Concept
Thread-Index: AQHM7nAFrHDsBsmsRUe1Vk5cYawuopZHb04Q
Date: Tue, 21 Feb 2012 14:47:30 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="_000_E3EFB6C0D90F82478AF227AA85ECF38015AE1F55SXEMBP01corpdtc_"
Subject: Re: [scap_interest] The Context Concept
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion List for IETFers interested in the Security Content Automation Protocol \(SCAP\)." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 21 Feb 2012 14:47:46 -0000

I agree that when dealing with "threats" that context matters. However, vulnerabilities alone do not imply or guarantee there is an associated threat or risk.

In my perfect world there would be a threat indicator standard that links to a structured threat standard that then could describe the CVEs used. This would allow us to continue doing vulnerability management by exposure (no threat context) or by specific threat (which provides context).


DTCC Non-Confidential (White)
Michael "Aharon" Chernin
Security Automation Program Manager
Corporate Information Security -Depository Trust & Clearing Corporation
O: 813-470-2173

From: [] On Behalf Of Jerome Athias
Sent: Saturday, February 18, 2012 2:03 PM
Subject: [scap_interest] The Context Concept

In a private discussion I had at ToorCon 9, with Matt Miller (skape);
we came to the conclusion that a key (and unresolved) point of automation is the (automatic) definition of the Context in which you are where dealing with a vulnerability (threat).
It was also identified (validated?), and introduced by Druid.
And then, the Druid's work was related (validated?) at FRHACK 01 by Rodrigo Branco (bsdaemon).

Situation awareness ( should be taken into account.
Maybe search for "military situational awareness".

My 2 dirhams

<FONT size=2><BR>
DTCC DISCLAIMER: This email and any files transmitted with it are
confidential and intended solely for the use of the individual or
entity to whom they are addressed. If you have received this email
in error, please notify us immediately and delete the email and any
attachments from your system. The recipient should check this email
and any attachments for the presence of viruses.  The company
accepts no liability for any damage caused by any virus transmitted
by this email.</FONT>