newsletter is designed to bring recent news about CVE, such as new
versions, upcoming conferences, new Web site features, etc. right to your
emailbox. Common Vulnerabilities and Exposures (CVE) is the standard for
information security vulnerability names. CVE content results from the
collaborative efforts of the CVE Editorial Board, which is comprised of
leading representatives from the information security community. Details on
subscribing (and unsubscribing) to the email newsletter are at the end.
Please feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/January 19, 2010
-------------------------------------------------------
Contents:
1. Feature Story
2. HOT TOPIC
3. Upcoming Events
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
Three Products and Services from Two Organizations Now Registered as
Officially "CVE-Compatible"
Three additional information security products and services have achieved
the final stage of MITRE's formal CVE Compatibility Process and are now
officially "CVE-Compatible." The products and services are now eligible to
use the CVE-Compatible Product/Service logo, and a completed and reviewed
"CVE Compatibility Requirements Evaluation" questionnaire is posted for
each product as part of the organization's listing on the CVE-Compatible
Products and Services page on the CVE Web site. A total of 93 products
to-date have been recognized as officially compatible.
The following products are now registered as officially "CVE-Compatible":
* Information-technology Promotion Agency, Japan (IPA)
- Topsec Intrusion Protection System (TopIDP)
- Filtered Vulnerability Countermeasure Information Tool (MyJVN)
* Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)
- Japan Vulnerability Notes (JVN)
Use of the official CVE-Compatible logo will allow system administrators
and other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises and
the compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks
and systems.
For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.
LINKS:
IPA - http://www.ipa.go.jp/index-e.html
JPCERT/CC - http://www.jpcert.or.jp/english/
CVE Compatibility Process - http://cve.mitre.org/compatible/process.html
CVE-Compatible Products - http://cve.mitre.org/compatible
-------------------------------------------------------------
HOT TOPIC:
MITRE's Launches "Malware Attribute Enumeration and Characterization"
Standardization Effort
Malware Attribute Enumeration and Characterization (MAEC) is a community
initiative to create a standardized language for encoding and communicating
high-fidelity information about malware based upon attributes such as
behaviors, artifacts, and attack patterns.
By eliminating the ambiguity and inaccuracy that currently exists in
malware descriptions and by reducing reliance on signatures, MAEC aims to
improve human-to-human, human-to-tool, tool-to-tool, and tool-to-human
communication about malware; reduce potential duplication of malware
analysis efforts by researchers; and allow for the faster development of
countermeasures by enabling the ability to leverage responses to previously
observed malware instances.
MAEC includes three community-developed components to create the
standardized MAEC Language: a vocabulary of attribute enumerations, a
schema for grammar, and a standard output format.
Please visit the MAEC Web site to learn more or join the effort.
LINK:
MAEC Web site - http://maec.mitre.org
---------------------------------------------------------------
UPCOMING EVENTS:
MITRE has announced its initial "Making Security Measurable" calendar of
events for 2010. Details regarding MITRE's scheduled participation at these
events are noted on the CVE Calendar page. Each listing includes the event
name with URL, date of the event, location, and a description of our
activity at the event.
* "2010 Information Assurance Symposium," February 2-5, 2010
* "RSA Conference 2010," March 1-5, 2010
* "InfoSec World Conference & Expo 2010," April 19-21, 2010
* "Black Hat Briefings 2010," July 28-29, 2010
Other events may be added throughout the year. Visit the CVE Calendar for
information or contact cve@mitre.org to have MITRE present a briefing or
participate in a panel discussion about CVE, CCE, CPE, CAPEC, CWE, MAEC,
CEE, OVAL, and/or Making Security Measurable at your event.
LINKS:
Making Security Measurable - http://measurablesecurity.mitre.org
CVE Calendar - http://cve.mitre.org/news/calendar.html
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* DBAPPSecurity Limited Makes Five Declarations of CVE Compatibility
* Security Automation Is Main Focus of DoD's "IAnewsletter"
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Steve Boyle, Information Security Technical Center.
Writer: Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE
and provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
Copyright 2010, The MITRE Corporation. CVE and the CVE logo are registered
trademarks of The MITRE Corporation.
For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more about
Making Security Measurable at http://measurablesecurity.mitre.org.
No comments:
Post a Comment