Monday, December 20, 2010

CVE Announce - December 20, 2010 (opt-in newsletter from the CVE Web site)

Welcome to the latest edition of the CVE-Announce e-newsletter. This email
newsletter is designed to bring recent news about CVE, such as new versions,
upcoming conferences, new Web site features, etc. right to your email box.
Common Vulnerabilities and Exposures (CVE) is the standard for information
security vulnerability names. CVE content results from the collaborative
efforts of the CVE Editorial Board, which is comprised of leading
representatives from the information security community. Details on
subscribing (and unsubscribing) to the email newsletter are at the end.
Please feel free to pass this newsletter on to interested colleagues.

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/December 20, 2010
-------------------------------------------------------

Contents:

1. Feature Story
2. Hot Topic
3. Upcoming Event
4. Also in this Issue
5. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

3 Products and Services from 2 Organizations Now Registered as Officially
"CVE-Compatible"

Three additional information security products and services have achieved
the final stage of MITRE's formal CVE Compatibility Process and are now
officially "CVE-Compatible." The products and services are now eligible to
use the CVE-Compatible Product/Service logo, and a completed and reviewed
"CVE Compatibility Requirements Evaluation" questionnaire is posted for each
product as part of the organization's listing on the CVE-Compatible Products
and Services page on the CVE Web site. A total of 111 products to-date have
been recognized as officially compatible.

The following products are now registered as officially "CVE-Compatible":

* Xi'an Jiaotong University Jump Network Technology Co., Ltd. - JumpIPS
                                                               - Jump NVAS

* Offensive Security - Exploit Database

Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.

For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.

LINKS:

Jump Network Technology - http://www.jump.net.cn/

Offensive Security - http://www.offensive-security.com/

CVE Compatibility Process - http://cve.mitre.org/compatible/process.html

CVE-Compatible Products - http://cve.mitre.org/compatible/

---------------------------------------------------------------
HOT TOPIC:

New ISO/IEC Report Lists the 51 Most Common Vulnerabilities in Programming
Languages

The International Organization for Standardization (ISO) and International
Electrotechnical Commission (IEC) issued a joint technical report (TR) on
September 29, 2010 entitled "ISO/IEC TR 24772:2010, Information technology
-- Programming languages -- Guidance to avoiding vulnerabilities in
programming languages through language selection and use" that describes
classes of programming language vulnerabilities -- features of languages that
encourage or permit the writing of code that contains application
vulnerabilities. The report describes 51 vulnerabilities in languages
themselves, as well as 20 additional vulnerabilities that could be avoided
by offering a richer set of library routines.

According to the report, programming language vulnerabilities should
especially be avoided "in the development of systems where assured behaviour
is required for security, safety, mission critical and business critical
software. In general, this guidance is applicable to the software developed,
reviewed, or maintained for any application." The report explains that the
vulnerabilities occur in programming languages due to issues arising from
incomplete or evolving language specifications, human cognitive limitations,
lack of predictable execution, lack of portability and interoperability,
inadequate language intrinsic support, and language features prone to
erroneous use.

All of the vulnerabilities are documented in a standardized,
language-independent format that allows readers to quickly comprehend and
utilize the information. The report also provides standardized templates for
the community to use when a new programming language vulnerability and/or
resulting application vulnerability is identified.

No one language contains all of the vulnerabilities described in the report,
but most are very common. Of the programming language and application
vulnerabilities detailed in the report, 17 are also on the 2010 CWE/SANS Top
25 Most Dangerous Software Errors list. Future editions of the report will
cover the remainder of the Top 25, any additional programming language and
application vulnerabilities found in follow-on work, and annexes that apply
the general guidance to particular programming languages.

The report is available for purchase from http://www.iso.org and
http://www.ansi.org.

---------------------------------------------------------------
UPCOMING EVENT:

CVE/Making Security Measurable Booth at "Black Hat DC 2011," January 18-19

MITRE will host a CVE/Making Security Measurable booth at "Black Hat DC
2011," on January 18-19, 2011 in Arlington, Virginia, USA.

Visit the CVE Calendar for information on this and other events.

LINKS:

Black Hat DC 2011 - http://www.blackhat.com/

Making Security Measurable - http://makingsecuritymeasurable.mitre.org/

CVE Calendar - http://cve.mitre.org/news/calendar.html

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* CVE/Making Security Measurable Briefing at "ITU-T Security Workshop"

* CVE/Making Security Measurable Briefing at "Rethinking Cyber Security: A
Systems-Based Approach Conference"

Read these stories and more news at http://cve.mitre.org/news

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

Copyright 2010, The MITRE Corporation. CVE and the CVE logo are registered
trademarks of The MITRE Corporation.

For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more about
Making Security Measurable at http://measurablesecurity.mitre.org.

Tuesday, November 9, 2010

CVE Announce - November 9, 2010 (opt-in newsletter from the CVE Web site)

-------------------------------------------------------
CVE-Announce e-newsletter/November 9, 2010
-------------------------------------------------------

Contents:

1. Feature Story
2. Upcoming Event
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

Five Products and Services from Four Organizations Now Registered as
Officially "CVE-Compatible"

Five additional information security products and services have achieved the
final stage of MITRE's formal CVE Compatibility Process and are now
officially "CVE-Compatible." The products and services are now eligible to
use the CVE-Compatible Product/Service logo, and a completed and reviewed
"CVE Compatibility Requirements Evaluation" questionnaire is posted for each
product as part of the organization's listing on the CVE-Compatible Products
and Services page on the CVE Web site. A total of 108 products to-date have
been recognized as officially compatible.

The following products are now registered as officially "CVE-Compatible":

* Rapid7 LLC - Metasploit Express
             - Metasploit Pro

* InfoSec Technology Co., Ltd. - TESS TMS (Threats Management System)

* Lexsi - CSI Vulnerability Database

* Beijing Venustech Security Inc. - Venusense Threat Detection and
Intelligent Analysis System

Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.

For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.

LINKS:

Rapid7 LLC - http://www.rapid7.com/

InfoSec Technology Co., Ltd. - http://www.infosec.co.kr/

Lexsi - http://www.lexsi.com/

Beijing Venustech Security Inc. - http://www.venustech.com.cn/

CVE Compatibility Process - http://cve.mitre.org/compatible/process.html

CVE-Compatible Products - http://cve.mitre.org/compatible/

---------------------------------------------------------------
UPCOMING EVENT:

CVE/Making Security Measurable Briefing at "Rethinking Cyber Security: A
Systems-Based Approach Conference," November 16-17

CVE Compatibility Lead and CWE Program Manager Robert A. Martin will
present a briefing about CVE/Making Security Measurable and the Common
Weakness Enumeration (CWE) at "Rethinking Cyber Security: A Systems-Based
Approach Conference" on November 16-17, 2010 in Charlottesville, Virginia,
USA.

Visit the CVE Calendar for information on this and other events.

LINKS:

"Rethinking Cyber Security: A Systems-Based Approach Conference" -
http://www.regonline.com/register/checkin.aspx?EventId=890221

Common Weakness Enumeration - http://cwe.mitre.org/

Making Security Measurable - http://makingsecuritymeasurable.mitre.org/

CVE Calendar - http://cve.mitre.org/news/calendar.html

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* Numara Software, Inc. Makes Three Declarations of CVE Compatibility

* Serkan Ozkan Makes Declaration of CVE Compatibility

* Positive Technologies Makes Declaration of CVE Compatibility


Read these stories and more news at http://cve.mitre.org/news


Thursday, August 19, 2010

CVE Announce - August 19, 2010 (opt-in newsletter from the CVE Web site)

-------------------------------------------------------
CVE-Announce e-newsletter/August 19, 2010
-------------------------------------------------------

Contents:

1. Feature Story
2. HOT TOPIC #1
3. HOT TOPIC #2
4. Upcoming Event
5. Also in this Issue
6. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

Three Products and Services from Two Organizations Now Registered as
Officially "CVE-Compatible"

Three additional information security products and services have achieved
the final stage of MITRE's formal CVE Compatibility Process and are now
officially "CVE-Compatible." The products and services are now eligible to
use the CVE-Compatible Product/Service logo, and a completed and reviewed
"CVE Compatibility Requirements Evaluation" questionnaire is posted for each
product as part of the organization's listing on the CVE-Compatible Products
and Services page on the CVE Web site. A total of 103 products to-date have
been recognized as officially compatible.

The following products are now registered as officially "CVE-Compatible":

* NOWCOM.co., Ltd. - SNIPER IPS
                   - SecureCAST

* Legendsec Technology Co. Ltd. - Legendsec SecIDS 3600 Intrusion Detection
System

Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.

For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services pages.

LINKS:

NOWCOM.co., Ltd. - http://www.nowcom.co.kr/

Legendsec Technology Co. Ltd. - http://www.legendsec.com/

CVE Compatibility Process - http://cve.mitre.org/compatible/process.html

CVE-Compatible Products - http://cve.mitre.org/compatible/


---------------------------------------------------------------
HOT TOPIC #1:

JPCERT/CC Becomes CVE Numbering Authority

Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has
become a CVE Numbering Authority (CNA). JPCERT/CC will begin releasing Japan
Vulnerability Notes (JVN) and JVN iPedia entries that contain reserved CVE
Identifier numbers.

Steve Christey, Editor of the CVE List, said, "We are pleased that important
vulnerabilities in Japanese products will be announced with CVE numbers,
thanks to the Japanese CERT's new role as a CNA. This will help Japanese
consumers to better manage vulnerabilities within their networks.
JPCERT/CC's active participation in the CVE Initiative demonstrates how
international relationships can improve how vulnerability information is
shared across the globe."

Reference maps for JVN and JVNDB identifiers are available to link these
identifiers to their associated CVE Identifier numbers.

JPCERT/CC works with the Information-technology Promotion Agency (IPA) under
the Information Security Early Warning Partnership in Japan.

For additional information about CNAs, and to review the complete list of
organizations participating, visit the CVE Numbering Authorities page.

LINKS:

JPCERT/CC - http://www.jpcert.or.jp/english/

CVE Numbering Authorities - http://cve.mitre.org/cve/cna.html


---------------------------------------------------------------
HOT TOPIC #2:

CVE Mentioned in Two Recent Industry Publications

CVE was mentioned in a June 2010 white paper published by the Software
Assurance Forum for Excellence in Code (SAFECode) entitled "An Overview of
Software Integrity Practices: An Assurance-Based Approach to Minimizing
Risks in the Software Supply Chain."

CVE is mentioned in a section on Vulnerability Response in which the
authors state: "In today's world, vendors must push for a more formal
understanding of how well their suppliers are equipped with the capability
to collect input on vulnerabilities from researchers, customers or sources
and turn around a meaningful impact analysis and appropriate remedies in the
short timeframes involved. The fact is that the handling of such
vulnerabilities will likely become a joint responsibility in the face of
downstream visibility to customers. No one can afford to be surprised about
a supplier's potential immaturity in handling these challenges in the middle
of a situation. Suppliers provide common terminology for these discussions
by using now-default references to well-known specifications like Common
Vulnerabilities and Exposures (CVE) and Common Vulnerability Scoring System
(the CVSS). Each party should identify contact personnel and review timing
and escalation paths as appropriate to be prepared to provide a prompt
response."

Also, CVE was mentioned in an article entitled "Securing Voice over Internet
Protocol" in the June 2010 issue of "Hakin9". CVE is mentioned in a section
on "Hardening Your VoIP Against Attack" in which the author states:
"Consistent repair of your Common Vulnerabilities and Exposures (CVEs) is
the litmus test that all information security professionals will be judged
by regarding how successfully they are protecting their VoIP networks.
Repairing vulnerabilities also helps you stay in compliance with related
regulations, including GLBA, HIPAA, 21 CFR FDA 11, E-Sign and SOX-404. CVE
Management is the key to hardening your VoIP and removing defects from your
computers and networking equipment." CVE is also mentioned in a section on
"Possible VoIP Attacks" in which the author describes specific examples of
the "types of attacks on your VoIP that [vulnerabilities named by] CVEs can
make it vulnerable to".

LINKS:

SAFECode software integrity white paper -
http://www.safecode.org/publications/SAFECode_Software_Integrity_Controls0610.pdf

Hakin9 voip security article -
http://download.hakin9.org/en/Securing_VoIP_06_2010.pdf


---------------------------------------------------------------
UPCOMING EVENT:

CVE Included as Topic at "IT Security Automation Conference 2010", September
27-29

CVE will be included as a topic at the U.S. National Institute of Standards
and Technology's (NIST) "6th Annual IT Security Automation Conference 2010"
on September 27-29, 2010 in Baltimore, Maryland, USA. The CVE Team is also
scheduled to contribute to the CVE-related workshops.

The U.S. National Institute of Standards and Technology's (NIST) SCAP
employs existing community standards to enable "automated vulnerability
management, measurement, and policy compliance evaluation (e.g., FISMA
compliance)," and CVE is one of the six open standards SCAP uses for
enumerating, evaluating, and measuring the impact of software problems and
reporting results. The other five standards are Open Vulnerability and
Assessment Language (OVAL), a standard XML for security testing procedures
and reporting; Common Configuration Enumeration (CCE), standard identifiers
and a dictionary for system security configuration issues; Common Platform
Enumeration (CPE), standard identifiers and a dictionary for platform and
product naming; Extensible Configuration Checklist Description Format
(XCCDF), a standard for specifying checklists and reporting results; and
Common Vulnerability Scoring System (CVSS), a standard for conveying and
scoring the impact of vulnerabilities.

MITRE will also present Software Assurance and Making Security Measurable
briefings, and host a Making Security Measurable booth. We hope to see you
there.

For additional information on this and other events visit the CVE Calendar
page.


LINKS:

IT Security Automation Conference - http://scap.nist.gov/events/

Making Security Measurable - http://makingsecuritymeasurable.mitre.org/

CVE Calendar - http://cve.mitre.org/news/calendar.html


---------------------------------------------------------------
ALSO IN THIS ISSUE:


* Beijing Venustech Security Inc. Makes Declaration of CVE Compatibility

* Novell, Inc. Makes Declaration of CVE Compatibility

* XMCO Partners Makes Declaration of CVE Compatibility

* CVE/Making Security Measurable Booth at "Black Hat Briefings 2010"


Read these stories and more news at http://cve.mitre.org/news



Wednesday, May 19, 2010

CVE Announce - May 19, 2010 (opt-in newsletter from the CVE Web site)

-------------------------------------------------------
CVE-Announce e-newsletter/May 19, 2010
-------------------------------------------------------

Contents:

1. Feature Story
2. UPCOMING EVENT
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing

FEATURE STORY:


Three Products and Services from Three Organizations Now Registered as
Officially "CVE-Compatible"

Three additional information security products and services have achieved
the final stage of MITRE's formal CVE Compatibility Process and are now
officially "CVE-Compatible." The products and services are now eligible to
use the CVE-Compatible Product/Service logo, and a completed and reviewed
"CVE Compatibility Requirements Evaluation" questionnaire is posted for each
product as part of the organization's listing on the CVE-Compatible Products
and Services page on the CVE Web site. A total of 100 products to-date have
been recognized as officially compatible.

The following products are now registered as officially "CVE-Compatible":


* Beijing Venustech Security Inc. - Venusense Intrusion Prevention System

* Globant - ATTAKA

* Legendsec Technology Co. Ltd. - Legendsec SecIPS 3600 Intrusion Prevention
System


Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.

For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.


LINKS:


Beijing Venustech Security Inc. - http://www.venustech.com.cn/

Globant - http://www.globant.com/

Legendsec Technology Co. Ltd. - http://www.legendsec.com/

CVE Compatibility Process - http://cve.mitre.org/compatible/process.html

CVE-Compatible Products - http://cve.mitre.org/compatible


---------------------------------------------------------------
UPCOMING EVENT:


Security Automation Developer Days Conference 2010

MITRE is scheduled to host "Security Automation Developer Days Conference
2010" at MITRE in Bedford, Massachusetts, USA on June 14-16, 2010. The
purpose of the three-day event is for the community to discuss all current
and emerging Security Content Automation Protocol (SCAP) standards in
technical detail and to derive solutions that benefit all concerned parties.

The U.S. National Institute of Standards and Technology's (NIST) SCAP
employs existing community standards to enable "automated vulnerability
management, measurement, and policy compliance evaluation (e.g., FISMA
compliance)," and CVE is one of the six open standards SCAP uses for
enumerating, evaluating, and measuring the impact of software problems and
reporting results. The other five standards are Open Vulnerability and
Assessment Language (OVAL), a standard XML for security testing procedures
and reporting; Common Configuration Enumeration (CCE), standard identifiers
and a dictionary for system security configuration issues; Common Platform
Enumeration (CPE), standard identifiers and a dictionary for platform and
product naming; Extensible Configuration Checklist Description Format
(XCCDF), a standard for specifying checklists and reporting results; and
Common Vulnerability Scoring System (CVSS), a standard for conveying and
scoring the impact of vulnerabilities.

A brief technical overview of software assurance efforts sponsored by the
U.S. Department of Homeland Security will also be provided on the third day
of the conference.


LINKS:

Conference Agenda -
http://makingsecuritymeasurable.mitre.org/participation/Security_Automation_Developer_Days_2010_Agenda.pdf

Conference Registration - https://register.mitre.org/devdays/


---------------------------------------------------------------
ALSO IN THIS ISSUE:


* CVE Briefing at "2010 FS-ISAC, FSTC, BITS Annual Summit"

* CVE Briefing at "SOURCE Boston Conference"

* MITRE Hosts CVE/Making Security Measurable Booth at "InfoSec World 2010"

* Photos from 'CVE 10-Year Anniversary Celebration & BOF' at "RSA 2010"

* RedSeal Systems, Inc. Makes Declaration of CVE Compatibility


Read these stories and more news at http://cve.mitre.org/news



Tuesday, April 6, 2010

RE: Security Automation Developer Days - June 14-16

Over the past few days, I have received a few inquiries about this message.

Some quick follow-up info:

- The public is invited to this event,
- There is no fee,
- You must attend in person in Bedford, MA (i.e. no VTC or telecon)
- We are currently working on a registration site, which we anticipate will be ready within two weeks. We will send out an announcement when it is ready.

Thanks for your interest and your patience,

    Steve

From: Boczenowski, Steve
Sent: Wednesday, March 31, 2010 11:20 AM
To: 'Multiple recipients of list'; oval-discussion-list OVAL Discussion List/Closed Public Discussi; oval-developer-list OVAL Developer List/Closed Public Discussion; 'xccdf-dev@nist.gov'; cpe-discussion-list CPE Community Forum; cve-announce-list Common Vulnerabilities and Exposures/CVE Annou; cce-announce-list Common Configuration Enumeration/CCE Announcem; Multiple recipients of list
Subject: Security Automation Developer Days - June 14-16

MITRE is pleased to announce that we will be hosting Security Automation Days here at MITRE in Bedford, MA on June 14 – 16.

Please mark the date.

Below is our tentative agenda.

Look forward to seeing you there.

Steve

Security Automation Days
The MITRE Corporation    Bedford, Massachusetts
June 14 - 16, 2010

Day 1

Start   Duration  Session
8:30    0:15      Welcome
8:45    3:00      ARF / ASR / PLARR
11:45   0:15      CVE Status Report
12:00   0:15      CCE Status Report
12:15   0:30      Lunch
12:45   0:15      XCCDF Status Report
13:00   3:30      OVAL
16:30   0:15      Day 1 Wrap-Up

Day 2

Start   Duration  Session
8:00    0:15      Welcome
8:15    2:00      Cross-SCAP Standardization
10:15   0:15      Break
10:30   1:35      Remediation - Part 1
12:05   0:10      OCIL Status Report
12:15   0:30      Lunch
12:45   0:15      SCAP v 1.1 Status Report
13:00   3:45      Remediation - Part 2
16:45   0:15      Day 2 Wrap-Up

Day 3

Start   Duration  Session
8:00    0:15      Welcome
8:15    2:00      Digital Trust
10:15   0:15      Break
10:30   1:30      CPE - Part 1
12:00   0:15      CEE/EMAP Status Report
12:15   0:30      Lunch
12:45   0:30      CWE / CAPEC / SAFES Overview
13:15   0:10      MAEC Overview
13:25   3:20      CPE - Part 2
16:45   0:15      Day 3 Wrap-Up

______________________________________________
Stephen P. Boczenowski
      The MITRE Corporation
      Office: (781) 271-7682
      Cell: (978) 302-3849
      sboczeno@mitre.org

Benchmark Development Course
http://benchmarkdevelopment.mitre.org/

Wednesday, March 31, 2010

Security Automation Developer Days - June 14-16

MITRE is pleased to announce that we will be hosting Security Automation Days here at MITRE in Bedford, MA on June 14 – 16.

Please mark the date.

Below is our tentative agenda.

Look forward to seeing you there.

Steve

Security Automation Days
The MITRE Corporation    Bedford, Massachusetts
June 14 - 16, 2010

Day 1

Start   Duration  Session
8:30    0:15      Welcome
8:45    3:00      ARF / ASR / PLARR
11:45   0:15      CVE Status Report
12:00   0:15      CCE Status Report
12:15   0:30      Lunch
12:45   0:15      XCCDF Status Report
13:00   3:30      OVAL
16:30   0:15      Day 1 Wrap-Up

Day 2

Start   Duration  Session
8:00    0:15      Welcome
8:15    2:00      Cross-SCAP Standardization
10:15   0:15      Break
10:30   1:35      Remediation - Part 1
12:05   0:10      OCIL Status Report
12:15   0:30      Lunch
12:45   0:15      SCAP v 1.1 Status Report
13:00   3:45      Remediation - Part 2
16:45   0:15      Day 2 Wrap-Up

Day 3

Start   Duration  Session
8:00    0:15      Welcome
8:15    2:00      Digital Trust
10:15   0:15      Break
10:30   1:30      CPE - Part 1
12:00   0:15      CEE/EMAP Status Report
12:15   0:30      Lunch
12:45   0:30      CWE / CAPEC / SAFES Overview
13:15   0:10      MAEC Overview
13:25   3:20      CPE - Part 2
16:45   0:15      Day 3 Wrap-Up

______________________________________________
Stephen P. Boczenowski
      The MITRE Corporation
      Office: (781) 271-7682
      Cell: (978) 302-3849
      sboczeno@mitre.org

Benchmark Development Course
http://benchmarkdevelopment.mitre.org/