Thursday, September 11, 2008

CVE Announce - September 11, 2008 (opt-in newsletter from the CVE Web site)

Welcome to the latest edition of the CVE-Announce e-newsletter.
This email newsletter is designed to bring recent news about CVE,
such as new versions, upcoming conferences, new Web site features,
etc. right to your email inbox. Common Vulnerabilities and Exposures
(CVE) is the standard for information security vulnerability
names. CVE content results from the collaborative efforts of the
CVE Editorial Board, which is comprised of leading representatives
from the information security community. Details on subscribing
(and unsubscribing) to the email newsletter are at the end. Please
feel free to pass this newsletter on to interested colleagues.

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/September 11, 2008
-------------------------------------------------------

Contents:

1. Feature Story
2. Upcoming Event
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing

FEATURE STORY:


CVE and NIST Partner to Create New CVE Adoption/Validation
Programs

CVE has partnered with the U.S. National Institute of Standards
and Technology (NIST) to replace the CVE Compatibility program
with two independent but complementary efforts, a "CVE Adoption
Program" managed by MITRE and the "Security Content Automation
Protocol (SCAP) Validation Program" managed by NIST.

NIST will provide additional details about the new programs at its
"Security Automation Conference & Workshop 2008" on September
23-24, 2008 in Gaithersburg, Maryland, USA.

During the coming months the CVE Web site will be updated to
reflect the new program. Products currently listed in the CVE
Compatibility section will be moved into a new CVE Adoption
section. Additional information is available on the CVE Adoption
Program page at http://cve.mitre.org/adoption/index.html.


LINKS:

NIST - http://www.nist.gov

Security Automation Conference & Workshop 2008 -
http://www.nist.gov/public_affairs/confpage/080923.htm

SCAP Validation Program - http://nvd.nist.gov/validation.cfm

CVE Adoption Program - http://cve.mitre.org/adoption


---------------------------------------------------------------
UPCOMING EVENT:


CVE Included as Topic at "Security Automation Conference 2008,"
September 23-25

CVE will be included as a topic at the U.S. National Institute of
Standards and Technology's (NIST) "Security Automation Conference
& Workshop 2008" on September 23-25, 2008 in Gaithersburg,
Maryland, USA. The CVE Team is also scheduled to contribute to the
CVE-related workshops.

NIST's Security Content Automation Protocol (SCAP) employs
existing community standards to enable "automated vulnerability
management, measurement, and policy compliance evaluation (e.g.,
FISMA compliance)," and CVE is one of the six open standards SCAP
uses for enumerating, evaluating, and measuring the impact of
software problems and reporting results. The other five standards
are Open Vulnerability and Assessment Language (OVAL), a standard
XML for security testing procedures and reporting; Common
Configuration Enumeration (CCE), standard identifiers and a
dictionary for system security configuration issues; Common
Platform Enumeration (CPE), standard identifiers and a dictionary
for platform and product naming; Extensible Configuration
Checklist Description Format (XCCDF), a standard for specifying
checklists and reporting results; and Common Vulnerability Scoring
System (CVSS), a standard for conveying and scoring the impact of
vulnerabilities.

Visit the CVE Calendar for information on this and other events.


LINKS:

Security Automation Conference 2008 -
http://www.nist.gov/public_affairs/confpage/080923.htm

SCAP - http://nvd.nist.gov/scap.cfm

CVE Calendar - http://cve.mitre.org/news/calendar.html


---------------------------------------------------------------
ALSO IN THIS ISSUE:


* Adoption of CVE by Oracle Announced on Oracle's Global Product
Security Blog


Read these stories and more news at http://cve.mitre.org/news


---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: David Mann, Information Security Technical
Center. Writer: Bob Roberge. The MITRE Corporation (www.mitre.org)
maintains CVE and provides impartial technical guidance to the CVE
Editorial Board on all matters related to ongoing development of
CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new
email message and copy the following text to the BODY of the
message: "SIGNOFF CVE-Announce-list", then send the message to:
listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of
the message: "SUBSCRIBE CVE-Announce-List".

Copyright 2008, The MITRE Corporation. CVE and the CVE logo are
registered trademarks of The MITRE Corporation.

For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more
about Making Security Measurable at
http://measurablesecurity.mitre.org.