This email newsletter is designed to bring recent news about CVE,
such as new versions, upcoming conferences, new Web site features,
etc. right to your emailbox. Common Vulnerabilities and Exposures
(CVE) is the standard for information security vulnerability
names. CVE content results from the collaborative efforts of the
CVE Editorial Board, which is comprised of leading representatives
from the information security community. Details on subscribing
(and unsubscribing) to the email newsletter are at the end. Please
feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/December 10, 2008
-------------------------------------------------------
Contents:
1. Feature Story
2. HOT TOPIC
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
MITRE Presents Making Security Measurable White Paper at "MILCOM
2008"
MITRE Principal Engineer and CVE Adoption Lead Robert A. Martin
presented a white paper entitled "Making Security Measurable and
Manageable" at "MILCOM 2008" on November 19, 2008 in San Diego,
California, USA.
The paper introduces MITRE's Making Security Measurable effort by
explaining in detail how information security data standards such
as CVE, CCE, OVAL, CPE, CAPEC, CWE, and others facilitate both
effective security process coordination and the use of automation
to assess, manage, and improve the security posture of enterprise
security information infrastructures. The paper is available for
download on the Making Security Measurable Web site.
Visit the CVE Calendar page for information on this and other
upcoming events.
LINKS:
"Making Security Measurable and Manageable" White Paper -
http://msm.mitre.org/about/Making_Security_Measurable_and_Manageable.pdf
Making Security Measurable - http://measurablesecurity.mitre.org
MILCOM 2008 - http://www.milcom.org
CVE Calendar - http://cve.mitre.org/news/calendar.html
---------------------------------------------------------------
HOT TOPIC:
CVE Mentioned in MITRE News Release about Recommendation Tracker
CVE was mentioned in a December 1, 2008 MITRE news release
entitled "MITRE Releases New Security Software" about its new,
open source "Recommendation Tracker" software that "facilitates
development of automated security benchmarks." "System
administrators use benchmarks-essentially a set of
recommendations-to securely configure an operating system or
software application and then set up automatic testing to ensure
proper configuration."
CVE is mentioned when the release notes that Recommendation
Tracker is "the latest tool developed by MITRE in the last 10
years to help the security community produce automated,
standardized benchmarks" and that four MITRE-run information
security data standards -- CVE, CCE, CPE, and OVAL -- are among
the six existing standards in the U.S. National Institute of
Standards and Technology's (NIST) Security Content Automation
Protocol (SCAP) to enable automated vulnerability management,
measurement, and policy compliance evaluation.
The release also mentions MITRE's free one-day Benchmark
Development Course that instructs attendees how to use MITRE's
CCE, OVAL, Recommendation Tracker, and Benchmark Editor, as well
as other information assurance standards and tools, to help
vendors and security content developers produce good benchmarks
more efficiently.
LINKS:
MITRE news release -
http://www.mitre.org/news/releases/08/tracker_12_01_2008.html
Recommendation Tracker software -
http://sourceforge.net/projects/rectracker/
Security Content Automation Protocol (SCAP) -
http://nvd.nist.gov/scap.cfm
Benchmark Development Course -
http://www.mitre.org/register2/benchmark/
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* CVE and NIST Partner to Create New CVE Adoption/Validation
Program
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: David Mann, Information Security Technical
Center. Writer: Bob Roberge. The MITRE Corporation (www.mitre.org)
maintains CVE and provides impartial technical guidance to the CVE
Editorial Board on all matters related to ongoing development of
CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new
email message and copy the following text to the BODY of the
message "SIGNOFF CVE-Announce-list", then send the message to:
listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of
the message: "SUBSCRIBE CVE-Announce-List".
Copyright 2008, The MITRE Corporation. CVE and the CVE logo are
registered trademarks of The MITRE Corporation.
For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more
about Making Security Measurable at
http://measurablesecurity.mitre.org.
No comments:
Post a Comment