This email newsletter is designed to bring recent news about CVE,
such as new versions, upcoming conferences, new Web site features,
etc. right to your emailbox. Common Vulnerabilities and Exposures
(CVE) is the standard for information security vulnerability
names. CVE content results from the collaborative efforts of the
CVE Editorial Board, which is comprised of leading representatives
from the information security community. Details on subscribing
(and unsubscribing) to the email newsletter are at the end. Please
feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/September 8, 2009
-------------------------------------------------------
Contents:
1. Feature Story
2. Also in this Issue
3. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
CVE Included as Topic at "IT Security Automation Conference 2009",
October 26-29
CVE will be included as a topic at the U.S. National Institute of
Standards and Technology's (NIST) "5th Annual IT Security
Automation Conference" on October 26-29, 2008 in Baltimore,
Maryland, USA. The CVE Team is also scheduled to contribute to the
CVE-related workshops.
NIST's Security Content Automation Protocol (SCAP) employs
existing community standards to enable "automated vulnerability
management, measurement, and policy compliance evaluation (e.g.,
FISMA compliance)," and CVE is one of the six open standards SCAP
uses for enumerating, evaluating, and measuring the impact of
software problems and reporting results. The other five standards
are Open Vulnerability and Assessment Language (OVAL), a standard
XML for security testing procedures and reporting; Common
Configuration Enumeration (CCE), standard identifiers and a
dictionary for system security configuration issues; Common
Platform Enumeration (CPE), standard identifiers and a dictionary
for platform and product naming; Extensible Configuration
Checklist Description Format (XCCDF), a standard for specifying
checklists and reporting results; and Common Vulnerability Scoring
System (CVSS), a standard for conveying and scoring the impact of
vulnerabilities.
Visit the CVE Calendar for information on this and other events.
LINKS:
IT Security Automation Conference 2009 -
http://www.nist.gov/public_affairs/confpage/091026.htm
SCAP - http://nvd.nist.gov/scap.cfm
CVE Calendar - http://cve.mitre.org/news/calendar.html
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* MITRE Presents Making Security Measurable Briefing at "GFIRST5:
The 5 Pillars of Cyber Security"
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: David Mann, Information Security Technical
Center. Writer: Bob Roberge. The MITRE Corporation (www.mitre.org)
maintains CVE and provides impartial technical guidance to the CVE
Editorial Board on all matters related to ongoing development of
CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new
email message and copy the following text to the BODY of the
message "SIGNOFF CVE-Announce-list", then send the message to:
listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of
the message: "SUBSCRIBE CVE-Announce-List".
Copyright 2009, The MITRE Corporation. CVE and the CVE logo are
registered trademarks of The MITRE Corporation.
For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more
about Making Security Measurable at
http://measurablesecurity.mitre.org.
No comments:
Post a Comment