newsletter is designed to bring recent news about CVE, such as new versions,
upcoming conferences, new Web site features, etc. right to your emailbox.
Common Vulnerabilities and Exposures (CVE) is the standard for information
security vulnerability names. CVE content results from the collaborative
efforts of the CVE Editorial Board, which is comprised of leading
representatives from the information security community. Details on
subscribing (and unsubscribing) to the email newsletter are at the end.
Please feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/May 19, 2010
-------------------------------------------------------
Contents:
1. Feature Story
2. Upcoming Event
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
Three Products and Services from Three Organizations Now Registered as
Officially "CVE-Compatible"
Three additional information security products and services have achieved
the final stage of MITRE's formal CVE Compatibility Process and are now
officially "CVE-Compatible." The products and services are now eligible to
use the CVE-Compatible Product/Service logo, and a completed and reviewed
"CVE Compatibility Requirements Evaluation" questionnaire is posted for each
product as part of the organization's listing on the CVE-Compatible Products
and Services page on the CVE Web site. A total of 100 products to date have
been recognized as officially compatible.
The following products are now registered as officially "CVE-Compatible":
* Beijing Venustech Security Inc. - Venusense Intrusion Prevention System
* Globant - ATTAKA
* Legendsec Technology Co. Ltd. - Legendsec SecIPS 3600 Intrusion Prevention
System
Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises. The
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.
For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services pages.
LINKS:
Beijing Venustech Security Inc. - http://www.venustech.com.cn/
Globant - http://www.globant.com/
Legendsec Technology Co. Ltd. - http://www.legendsec.com/
CVE Compatibility Process - http://cve.mitre.org/compatible/process.html
CVE-Compatible Products - http://cve.mitre.org/compatible
---------------------------------------------------------------
UPCOMING EVENT:
Security Automation Developer Days Conference 2010
MITRE is scheduled to host "Security Automation Developer Days Conference
2010" at MITRE in Bedford, Massachusetts, USA on June 14-16, 2010. The
purpose of the three-day event is for the community to discuss all current
and emerging Security Content Automation Protocol (SCAP) standards in
technical detail and to derive solutions that benefit all concerned parties.
The U.S. National Institute of Standards and Technology's (NIST) SCAP
employs existing community standards to enable "automated vulnerability
management, measurement, and policy compliance evaluation (e.g., FISMA
compliance)," and CVE is one of the six open standards SCAP uses for
enumerating, evaluating, and measuring the impact of software problems and
reporting results. The other five standards are Open Vulnerability and
Assessment Language (OVAL), a standard XML for security testing procedures
and reporting; Common Configuration Enumeration (CCE), standard identifiers
and a dictionary for system security configuration issues; Common Platform
Enumeration (CPE), standard identifiers and a dictionary for platform and
product naming; Extensible Configuration Checklist Description Format
(XCCDF), a standard for specifying checklists and reporting results; and
Common Vulnerability Scoring System (CVSS), a standard for conveying and
scoring the impact of vulnerabilities.
A brief technical overview of software assurance efforts sponsored by the
U.S. Department of Homeland Security will also be provided on the third day
of the conference.
LINKS:
Conference Agenda -
http://makingsecuritymeasurable.mitre.org/participation/Security_Automation_Developer_Days_2010_Agenda.pdf
Conference Registration - https://register.mitre.org/devdays/
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* CVE Briefing at "2010 FS-ISAC, FSTC, BITS Annual Summit"
* CVE Briefing at "SOURCE Boston Conference"
* MITRE Hosts CVE/Making Security Measurable Booth at "InfoSec World 2010"
* Photos from 'CVE 10-Year Anniversary Celebration & BOF' at "RSA 2010"
* RedSeal Systems, Inc. Makes Declaration of CVE Compatibility
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
Copyright 2010, The MITRE Corporation. CVE and the CVE logo are registered
trademarks of The MITRE Corporation.
For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more about
Making Security Measurable at http://measurablesecurity.mitre.org.
