This email newsletter is designed to bring recent news about CVE,
such as new versions, upcoming conferences, new Web site
features, etc. right to your emailbox. Common Vulnerabilities and
Exposures (CVE) is the standard for information security
vulnerability names. CVE content results from the collaborative
efforts of the CVE Editorial Board, which is comprised of leading
representatives from the information security community. Details
on subscribing (and unsubscribing) to the email newsletter are at
the end. Please feel free to pass this newsletter on to
interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/October 10, 2008
-------------------------------------------------------
Contents:
1. Feature Story
2. HOT TOPIC
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
CVE-Related Workshops and "Making Security Measurable" Table
Booth at "Security Automation Conference 2008," September 23-25
The CVE Team contributed to CVE-related workshops and MITRE
hosted a Making Security Measurable table booth at the U.S.
National Institute of Standards and Technology's (NIST) "Security
Automation Conference & Workshop 2008" on September 23-25, 2008
in Gaithersburg, Maryland, USA.
NIST's Security Content Automation Protocol (SCAP) employs
existing community standards to enable "automated vulnerability
management, measurement, and policy compliance evaluation (e.g.,
FISMA compliance)," and CVE is one of the six open standards SCAP
uses for enumerating, evaluating, and measuring the impact of
software problems and reporting results.
CVE and NIST also recently announced a partnership to replace the
CVE Compatibility program with two independent but complementary
efforts, a "CVE Adoption Program" managed by MITRE and a
"Security Content Automation Protocol (SCAP) Validation Program"
managed by NIST. Refer to the CVE Adoption Program page at
http://cve.mitre.org/adoption for additional information.
Visit the CVE Calendar for information on this and other events.
LINKS:
NIST - http://www.nist.gov
Security Automation Conference & Workshop 2008 -
http://www.nist.gov/public_affairs/confpage/080923.htm
SCAP Validation Program - http://nvd.nist.gov/validation.cfm
CVE Adoption Program - http://cve.mitre.org/adoption
CVE Calendar - http://cve.mitre.org/news/calendar.html
---------------------------------------------------------------
HOT TOPIC:
NSFocus Information Technology Makes Four Declarations of CVE
Compatibility
NSFocus Information Technology (Beijing) Co., Ltd. declared that
its ICEYE NIPS (Network Intrusion Prevention System), ICEYE SCM
(Security Content Management System), ICEYE SG (Security
Gateway), and ICEYE WAF (Web Application Firewall) are
CVE-Compatible.
For additional information about these and other CVE-compatible
products, visit the CVE-Compatible Products and Services section.
LINKS:
NSFocus Information Technology (Beijing) Co., Ltd. -
http://www.nsfocus.com
CVE Compatibility - http://cve.mitre.org/compatible/index.html
CVE Adoption Program - http://cve.mitre.org/adoption
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* CVE and NIST Partner to Create New CVE Adoption/Validation
Program
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: David Mann, Information Security Technical
Center. Writer: Bob Roberge. The MITRE Corporation
(www.mitre.org) maintains CVE and provides impartial technical
guidance to the CVE Editorial Board on all matters related to
ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new
email message and copy the following text to the BODY of the
message "SIGNOFF CVE-Announce-list", then send the message to:
listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of
the message: "SUBSCRIBE CVE-Announce-List".
Copyright 2008, The MITRE Corporation. CVE and the CVE logo are
registered trademarks of The MITRE Corporation.
For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn
more about Making Security Measurable at
http://measurablesecurity.mitre.org.
