Friday, December 16, 2011

CVE Announce - December 16, 2011 (opt-in newsletter from the CVE Web site)

Welcome to the latest edition of the CVE-Announce e-newsletter. This email
newsletter is designed to bring recent news about CVE, such as new versions,
upcoming conferences, new Web site features, etc. right to your email box.
Common Vulnerabilities and Exposures (CVE) is the standard for information
security vulnerability names. CVE content results from the collaborative
efforts of the CVE Editorial Board, which is comprised of leading
representatives from the information security community. Details on
subscribing (and unsubscribing) to the email newsletter are at the end.
Please feel free to pass this newsletter on to interested colleagues.

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/December 16, 2011
-------------------------------------------------------

Contents:

1. Feature Story
2. HOT TOPIC
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

CVE-IDs Now Mapped to DISA's Information Assurance Vulnerability Alerts

CVE-IDs are now mapped to the U.S. Defense Information Systems Agency's
(DISA) Information Assurance Vulnerability Management (IAVM) alerts, free
downloads of which are available in Microsoft Excel (XLS) and Extensible
Markup Language (XML) format on DISA's public Security Technical
Implementation Guides (STIG) Web site at
http://iase.disa.mil/stigs/index.html.

LINKS:

IAVA CVE Mappings - http://iase.disa.mil/stigs/iavm-cve.html

CVE List - http://cve.mitre.org/cve/

---------------------------------------------------------------
HOT TOPIC:

CVE Mentioned in U.S. Department of Homeland Security's "Blueprint for a
Secure Cyber Future"

CVE is mentioned in the December 12, 2011 release of the Department of
Homeland Security's "Blueprint for a Secure Cyber Future: The Cybersecurity
Strategy for the Homeland Security Enterprise" on the DHS Web site.

The blueprint, as described on the DHS blog, "outlines an integrated
approach to enable the homeland security community to leverage existing
capabilities and promote technological advances that make government, the
private sector and the public safer, more secure, and more resilient online.
Specific actions outlined in the strategy range from hardening critical
networks and prosecuting cybercrime to raising public awareness and training
a national cybersecurity workforce. Cybersecurity is a shared
responsibility, and each of us has a role to play. In today's interconnected
world, emerging cyber threats require the engagement of our entire society
including government and law enforcement, the private sector, and members of
the public. In preparing this strategy, the Department benefited from the
constructive engagement of representatives from state and local governments,
industry, academia, non-governmental organizations, and many dedicated
individuals from across the country. As we implement this strategy, DHS will
continue to work with partners across the homeland security enterprise to
implement the goals outlined in the Blueprint."

CVE is mentioned in the blueprint itself as one of two "Core capabilities
for the homeland security enterprise" in the "Increase Technical and Policy
Interoperability Across Devices" subsection of the "Build Collaborative
Communities" section of the blueprint, as follows: "On a device-to-device
level, strengthen collaboration, create new intelligence, hasten learning,
and improve situational awareness ... A proven ability to communicate about
cyber incidents through standardized dictionaries of key informational
elements, including software vulnerabilities, weaknesses, patterns of
attack, and malware classification as well as security content that is
structured for automated sharing where appropriate. Resources include the
National Vulnerability Database, Common Vulnerabilities and Exposures (CVE),
and the Information Assurance Checklists housed on the National Checklist
Program."

The blueprint is available for free download at
http://www.dhs.gov/files/publications/blueprint-for-a-secure-cyber-future.shtm.

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* CVE Included in Article about Tool that Automatically Detects
Vulnerabilities in Embedded Linux Libraries in "SC Magazine"

Read these stories and more news at http://cve.mitre.org/news

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

Copyright 2011, The MITRE Corporation. CVE and the CVE logo are registered
trademarks of The MITRE Corporation.

For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more about
Making Security Measurable at http://measurablesecurity.mitre.org.

Monday, November 14, 2011

CVE Announce - November 15, 2011 (opt-in newsletter from the CVE Web site)

-------------------------------------------------------
CVE-Announce e-newsletter/November 15, 2011
-------------------------------------------------------

Contents:

1. Feature Story
2. Also in this Issue
3. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

2 Products from 2 Organizations Now Registered as Officially
"CVE-Compatible"

Two additional information security products have achieved the final stage
of MITRE's formal CVE Compatibility Process and are now officially
"CVE-Compatible." The products are now eligible to use the CVE-Compatible
Product/Service logo, and a completed and reviewed "CVE Compatibility
Requirements Evaluation" questionnaire is posted for each product as part of
the organization's listing on the CVE-Compatible Products and Services page
on the CVE Web site. A total of 124 products to-date have been recognized as
officially compatible.

The following products are now registered as officially "CVE-Compatible":

* Packet Storm - Packet Storm Security Web site

* SECUI.COM Corporation - SECUI SCAN

Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.

For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.

LINKS:

Packet Storm - http://cve.mitre.org/compatible/questionnaires/138.html

SECUI.COM Corporation -
http://cve.mitre.org/compatible/questionnaires/137.html

CVE Compatibility Process - http://cve.mitre.org/compatible/process.html

CVE-Compatible Products - http://cve.mitre.org/compatible/

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* CVE/Making Security Measurable Booth and SCAP/SwA Briefings at "IT
Security Automation Conference 2011"

* CVE/Making Security Measurable Briefing and CWE/CAPEC/MAEC Briefing at
"Software Assurance Enabling Reliability, Resilience, Robustness, and
Security Workshop"

Read these stories and more news at http://cve.mitre.org/news

Tuesday, August 23, 2011

CVE Announce - August 24, 2011 (opt-in newsletter from the CVE Web site)

-------------------------------------------------------
CVE-Announce e-newsletter/August 24, 2011
-------------------------------------------------------

Contents:

1. Feature Story
2. Also in this Issue
3. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

1 Product from Application Security, Inc. Now Registered as Officially
"CVE-Compatible"

One additional information security product has achieved the final stage of
MITRE's formal CVE Compatibility Process and is now officially
"CVE-Compatible." The product is now eligible to use the CVE-Compatible
Product/Service logo, and a completed and reviewed "CVE Compatibility
Requirements Evaluation" questionnaire is posted for the product as part of
the organization's listing on the CVE-Compatible Products and Services page
on the CVE Web site. A total of 122 products to-date have been recognized as
officially compatible.

The following product is now registered as officially "CVE-Compatible":

* Application Security, Inc. - TeamSHATTER

Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.

For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.

LINKS:

Application Security, Inc. -
http://cve.mitre.org/compatible/questionnaires/136.html

CVE Compatibility Process - http://cve.mitre.org/compatible/process.html

CVE-Compatible Products - http://cve.mitre.org/compatible/

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* CVE/Making Security Measurable Briefing at "GFIRST 2011"

* CVE/Making Security Measurable Booth at "Black Hat Briefings 2011"

Read these stories and more news at http://cve.mitre.org/news

Thursday, July 28, 2011

CVE Announce - July 28, 2011 (opt-in newsletter from the CVE Web site)

-------------------------------------------------------
CVE-Announce e-newsletter/July 28, 2011
-------------------------------------------------------

Contents:

1. Feature Story
2. Also in this Issue
3. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

CVE/Making Security Measurable Booth at "Black Hat Briefings 2011"

MITRE will host a CVE/Making Security Measurable booth at "Black Hat
Briefings 2011" on August 3-4, 2011 at Caesars Palace Las Vegas in Las
Vegas, Nevada, USA.

Please visit us at Booth 307 and say hello!

Visit the CVE Calendar for information on this and other events.

LINKS:

Black Hat Briefings 2011 - http://www.blackhat.com/

Making Security Measurable - http://measurablesecurity.mitre.org/

CVE Calendar - http://cve.mitre.org/news/calendar.html

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* SECUI.COM Corporation Makes Declaration of CVE Compatibility

* 1 Product from Fortinet, Inc. Now Registered as Officially
"CVE-Compatible"

Read these stories and more news at http://cve.mitre.org/news

Wednesday, July 6, 2011

CVE Announce - July 6, 2011 (opt-in newsletter from the CVE Web site)

-------------------------------------------------------
CVE-Announce e-newsletter/July 6, 2011
-------------------------------------------------------

Contents:

1. Feature Story
2. Hot Topic
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

1 Product from Fortinet, Inc. Now Registered as Officially "CVE-Compatible"

One additional information security product has achieved the final stage of
MITRE's formal CVE Compatibility Process and is now officially
"CVE-Compatible." The product is now eligible to use the CVE-Compatible
Product/Service logo, and a completed and reviewed "CVE Compatibility
Requirements Evaluation" questionnaire is posted for the product as part of
the organization's listing on the CVE-Compatible Products and Services page
on the CVE Web site. A total of 121 products to-date have been recognized as
officially compatible.

The following product is now registered as officially "CVE-Compatible":

* Fortinet, Inc. - FortiGuard

Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.

For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.

LINKS:

Fortinet, Inc. - http://cve.mitre.org/compatible/questionnaires/135.html

CVE Compatibility Process - http://cve.mitre.org/compatible/process.html

CVE-Compatible Products - http://cve.mitre.org/compatible/

---------------------------------------------------------------
HOT TOPIC:

CVE Included as Reporting Requirement in 2011 FISMA Continuous Monitoring
Compliance Document

CVE was included in the "2011 Chief Information Officer Federal Information
Security Management Act Reporting Metrics" document issued on June 1, 2011
by the U.S. Department of Homeland Security and National Institute of
Standards and Technology. The document provides cybersecurity status
reporting metrics for government agencies under the Federal Information
Security Management Act (FISMA) that focus on the ability to automate system
monitoring and security controls.

CVE is included as a reporting requirement in Section 4, Vulnerability
Management: "Provide the number of Agency information technology assets
where an automated capability provides visibility at the Agency level into
detailed vulnerability information (Common Vulnerabilities and Exposures -
CVE)."

CVE is included again as a reporting requirement in Section 12, Software
Assurance, subsection 12.1b., which states: "Provide the number of the
information systems above (12.1a) where the tools generated output compliant
with: 12.1b (1). Common Vulnerabilities and Exposures (CVE) 12.1b (2).
Common Weakness Enumeration (CWE) 12.1b (3). Common Vulnerability Scoring
System (CVSS) 12.1b (4). Open Vulnerability and Assessment Language (OVAL)."

LINK:

2011 FISMA Continuous Monitoring Compliance Document -
http://www.sans.org/critical-security-controls/fisma.pdf

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* SECUI.COM Corporation Makes Declaration of CVE Compatibility

* Briefing Slides from MITRE's "Security Automation Developer Days 2011" Now
Available

* CVE Mentioned in "Government Computer News" Article about Security
Reporting Metrics

Read these stories and more news at http://cve.mitre.org/news

Monday, June 6, 2011

CVE Announce - June 6, 2011 (opt-in newsletter from the CVE Web site)

-------------------------------------------------------
CVE-Announce e-newsletter/June 6, 2011
-------------------------------------------------------

Contents:

1. Feature Story
2. Also in this Issue
3. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

Agenda Now Available for MITRE's "Security Automation Developer Days 2011"
on June 14-17

The agenda for MITRE's free "Security Automation Developer Days 2011"
conference scheduled for June 14-17, 2011 at MITRE in Bedford,
Massachusetts, USA is now available at
https://register.mitre.org/devdays/agenda.pdf.

For registration, lodging, and other conference details, please visit:
https://register.mitre.org/devdays/.

LINKS:

Agenda - https://register.mitre.org/devdays/agenda.pdf

Conference Registration - https://register.mitre.org/devdays/

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* CVE Mentioned in Article about Cybersecurity Collaboration in
"InformationWeek"

* CVE Included in Department of Homeland Security's "Enabling Distributed
Security in Cyberspace" White Paper

Read these stories and more news at http://cve.mitre.org/news

Tuesday, May 10, 2011

CVE Announce - May 10, 2011 (opt-in newsletter from the CVE Web site)

-------------------------------------------------------
CVE-Announce e-newsletter/May 10, 2011
-------------------------------------------------------

Contents:

1. Feature Story
2. Hot Topic
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

MITRE to Host "Security Automation Developer Days 2011" on June 14-17

MITRE Corporation will host the third "Security Automation Developer Days"
conference on June 14-17, 2011, at MITRE in Bedford, Massachusetts, USA.
This four-day conference is technical in nature and will focus on the U.S.
National Institute of Standards and Technology's (NIST) Security Content
Automation Protocol (SCAP).

The purpose of the event is for the community to discuss SCAP - and those
existing standards upon which it is based including CVE, Open Vulnerability
and Assessment Language (OVAL), Common Configuration Enumeration (CCE),
Common Platform Enumeration (CPE), Extensible Configuration Checklist
Description Format (XCCDF), etc. - in technical detail and to derive
solutions that benefit all concerned parties. All current and emerging SCAP
standards are addressed at this workshop. MITRE first hosted Developer Days
in 2005 and has been running them annually ever since. The model for these
technical exchanges has since been adopted as the format used by the
Security Automation community.

An agenda will be available soon. For registration, lodging, and other
conference details, please visit: https://register.mitre.org/devdays/.

LINKS:

SCAP - http://scap.nist.gov/

CVE - http://cve.mitre.org/

OVAL - http://oval.mitre.org/

CCE - http://cce.mitre.org/

CPE - http://cpe.mitre.org/

Conference Registration - https://register.mitre.org/devdays/

---------------------------------------------------------------
HOT TOPIC:

CVE Mentioned in Article about Cybersecurity Collaboration in
"InformationWeek"

CVE was mentioned in an article entitled "Why Cybersecurity Partnerships
Matter" in "InformationWeek" on March 26, 2011. The main topic of the
article is why the "public and private sectors must collaborate in new ways
to ward off dangerous threats to critical systems and IT infrastructure."

The author describes three ways such partnerships can improve cybersecurity:
"First, the public and private sectors need to share more information - more
parties must be included and new platforms used. Second, they must pay more
attention to defending against attacks that threaten critical IT
infrastructure and even damage physical facilities. Third, their
collaboration must be ratcheted up to the next level - real-time
identification and response as threats occur [and so security practices are
proactive and preemptive rather than reactionary]."

CVE is mentioned when the author states: "The opportunity is in harnessing a
wider array of perspectives and ideas than happens now with a closed loop of
participants. We know it's possible because we do it already with software
and hardware vulnerabilities in the form of the Common Vulnerability and
Exposures, or CVE. With MITRE as the editor and numbering authority for CVE
identifiers, data gets collected and used across the industry."

LINKS:

InformationWeek article -
http://www.informationweek.com/news/government/security/229301141

CVE - http://cve.mitre.org/

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* MITRE Hosts CVE/Making Security Measurable Booth at "InfoSec World 2011"

* CVE Included in Department of Homeland Security's "Enabling Distributed
Security in Cyberspace" White Paper

Read these stories and more news at http://cve.mitre.org/news

Thursday, April 28, 2011

Security Automation Developer Days, June 14 - 17 at MITRE Bedford

Registration is now open for Security Automation Developer Days, which will be held on June 14 – 17 at the MITRE Campus in Bedford, Massachusetts.

https://register.mitre.org/devdays/

The agenda is not yet available.  We hope to post it to the site within two weeks.

Steve

______________________________________________

Stephen P. Boczenowski
The MITRE Corporation
Office: (781) 271-7682
Cell: (978) 302-3849
sboczeno@mitre.org

Benchmark Development Course
http://benchmarkdevelopment.mitre.org/

From: Boczenowski, Steve
Sent: Friday, April 08, 2011 4:38 PM
To: Multiple recipients of list; oval-discussion-list OVAL Discussion List/Closed Public Discussi; 'xccdf-dev@nist.gov'; cce-announce-list Common Configuration Enumeration/CCE Announcem; cpe-discussion-list CPE Community Forum; 'emerging-specs@nist.gov'; benchmark-development-forum-list Security Guidance Best Practice; cve-announce-list Common Vulnerabilities and Exposures/CVE Annou
Subject: Save the Date - Security Automation Developer Days, June 14 - 17 at MITRE Bedford

Community Members,

Please mark your calendars to save the date for the Summer 2011 Security Automation Developer Days Conference to be held June 14-17, 2011 at the MITRE facility in beautiful Bedford, Massachusetts.  We plan to kick off the event with an early morning session on Tuesday, June 14 and close the event by mid-day on Friday, June 17.

If you’ve been to any of these Developer Days events, either here at MITRE or at NIST in Gaithersburg, you realize that the purpose is to bring the SCAP community together for interactive sessions.  Your participation is encouraged by all attendees.

We are in the process of standing up a registration page and creating the agenda. More details to come in the near future.  Hope to see you there.

Steve


Wednesday, April 13, 2011

CVE Announce - April 13, 2011 (opt-in newsletter from the CVE Web site)

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/April 13, 2011
-------------------------------------------------------

Contents:

1. Feature Story
2. Upcoming Event
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

CVE Included in Department of Homeland Security's "Enabling Distributed
Security in Cyberspace" White Paper

CVE was included in the U.S. Department of Homeland Security (DHS) "Enabling
Distributed Security in Cyberspace" white paper published on March 23, 2011
on the DHS Web site Blog. The main topic of the white paper is "how
prevention and defense can be enhanced through three security building
blocks: automation, interoperability, and authentication. If these building
blocks were incorporated into cyber devices and processes, cyber
stakeholders would have significantly stronger means to identify and respond
to threats - creating and exchanging trusted information and coordinating
courses of action in near real time."

The paper defines Interoperability as already being "enabled through an
approach that has been refined over the past decade by many in industry,
academia, and government. It is an information-oriented approach, generally
referred to as [cyber] security content automation ..." and is comprised of
(1) Enumerations "of the fundamental entities of cybersecurity" and lists
CVE, CCE, CPE, CWE, and CAPEC; (2) Languages and Formats that "incorporate
enumerations and support the creation of machine-readable security state
assertions, assessment results, audit logs, messages, and reports" and lists
OVAL, CEE, and MAEC; and (3) Knowledge Repositories that "contain a broad
collection of best practices, benchmarks, profiles, standards, templates,
checklists, tools, guidelines, rules, and principles, among others" that are
based upon or incorporate data from these standards.

The paper also states that these eight established community enumeration and
language standards that have been in use within the community for years can
be further leveraged moving forward because they are "standards [that] build
upon themselves to expand functionality over time", and projections of that
expanding utility are provided through 2014.

LINKS:

DHS white paper -
http://www.dhs.gov/xlibrary/assets/nppd-cyber-ecosystem-white-paper-03-23-2011.pdf

CVE - http://cve.mitre.org/

CCE - http://cce.mitre.org/

CPE - http://cpe.mitre.org/

CWE - http://cwe.mitre.org/

CAPEC - http://capec.mitre.org/

CEE - http://cee.mitre.org/

MAEC - http://maec.mitre.org/

OVAL - http://oval.mitre.org/

---------------------------------------------------------------
UPCOMING EVENT:

MITRE to Host CVE/Making Security Measurable Booth at "InfoSec World 2011,"
April 19-21

MITRE will host a CVE/Making Security Measurable booth at "InfoSec World
Conference & Expo 2011" at Disney's Contemporary Resort in Orlando, Florida,
USA, on April 19-21, 2011.

Members of the CVE Team will be in attendance. Please stop by Booth 307 and
say hello!

Visit the CVE Calendar for information on this and other events.

LINKS:

InfoSec World 2011 - http://www.misti.com/infosecworld

Making Security Measurable - http://measurablesecurity.mitre.org/

CVE Calendar - http://cve.mitre.org/news/calendar.html

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* Hangzhou DPtech Technologies Co., Ltd. Makes Two Declarations of CVE
Compatibility

* Fortinet, Inc. Makes Declaration of CVE Compatibility

Read these stories and more news at http://cve.mitre.org/news

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

Monday, March 28, 2011

CVE Announce - March 28, 2011 (opt-in newsletter from the CVE Web site)

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/March 28, 2011
-------------------------------------------------------

Contents:

1. Feature Story
2. Upcoming Event
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

1 Product from Application Security, Inc. Now Registered as Officially
"CVE-Compatible"

One additional information security product has achieved the final stage of
MITRE's formal CVE Compatibility Process and is now officially
"CVE-Compatible." The product is now eligible to use the CVE-Compatible
Product/Service logo, and a completed and reviewed "CVE Compatibility
Requirements Evaluation" questionnaire is posted for the product as part of
the organization's listing on the CVE-Compatible Products and Services page
on the CVE Web site. A total of 118 products to date have been recognized as
officially compatible.

The following products are now registered as officially "CVE-Compatible":

* Application Security, Inc. - AppDetectivePro

Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.

For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.

LINKS:

Application Security, Inc. -
http://cve.mitre.org/compatible/questionnaires/132.html

CVE Compatibility Process - http://cve.mitre.org/compatible/process.html

CVE-Compatible Products - http://cve.mitre.org/compatible/

---------------------------------------------------------------
UPCOMING EVENT:

MITRE to Host CVE/Making Security Measurable Booth at "InfoSec World 2011,"
April 19-21

MITRE will host a CVE/Making Security Measurable booth at "InfoSec World
Conference & Expo 2011" at Disney's Contemporary Resort in Orlando, Florida,
USA, on April 19-21, 2011.

Members of the CVE Team will be in attendance. Please stop by Booth 307 and
say hello!

Visit the CVE Calendar for information on this and other events.

LINKS:

InfoSec World 2011 - http://www.misti.com/infosecworld

Making Security Measurable - http://measurablesecurity.mitre.org/

CVE Calendar - http://cve.mitre.org/news/calendar.html

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* CVE/Making Security Measurable Booth at "2011 Information Assurance
Symposium"

Read these stories and more news at http://cve.mitre.org/news

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

Wednesday, March 9, 2011

CVE Announce - March 9, 2011 (opt-in newsletter from the CVE Web site)

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/March 9, 2011
-------------------------------------------------------

Contents:

1. Feature Story
2. Upcoming Event
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

3 Products from 2 Organizations Now Registered as Officially
"CVE-Compatible"

Three additional information security products and services have achieved
the final stage of MITRE's formal CVE Compatibility Process and are now
officially "CVE-Compatible." The products and services are now eligible to
use the CVE-Compatible Product/Service logo, and a completed and reviewed
"CVE Compatibility Requirements Evaluation" questionnaire is posted for each
product as part of the organization's listing on the CVE-Compatible Products
and Services page on the CVE Web site. A total of 117 products to date have
been recognized as officially compatible.

The following products are now registered as officially "CVE-Compatible":

* Rsam's
- Rsam Enterprise Governance, Risk and Compliance Platform

* NSFocus Information Technology (Beijing) Co., Ltd.'s
- NSFOCUS Network Intrusion Prevention System (NIPS)
- NSFOCUS Security Gate (SG)

Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.

For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.

LINKS:

Rsam - http://www.rsam.com/

NSFocus Information Technology (Beijing) Co., Ltd. - http://www.nsfocus.com/

CVE Compatibility Process - http://cve.mitre.org/compatible/process.html

CVE-Compatible Products - http://cve.mitre.org/compatible/

---------------------------------------------------------------
UPCOMING EVENT:

Security Automation Developer Days - Spring 2011

MITRE will participate in the "Spring 2011 Security Automation Developer
Days" conference on March 22-25, 2011 held at the U.S. National Institute of
Standards and Technology (NIST) in Gaithersburg, Maryland, USA.

The conference will focus on discussing enhancements to existing Security
Content Automation Protocol (SCAP) specifications, content repository
automation and standardization, content development best practices, and
standardizing remediation capabilities. SCAP employs the CVE, CCE, CPE,
OVAL, XCCDF, and CVSS community standards to enable "automated vulnerability
management, measurement, and policy compliance evaluation."

For conference details and to register, visit:
http://www.nist.gov/itl/csd/sec-automation-developer.cfm.

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* CVE/Making Security Measurable Booth at "2011 Information Assurance
Symposium"

* CVE/Making Security Measurable Booth at "RSA 2011"

Read these stories and more news at http://cve.mitre.org/news

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

Wednesday, February 16, 2011

CVE Announce - February 16, 2011 (opt-in newsletter from the CVE Web site)

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/February 16, 2011
-------------------------------------------------------

Contents:

1. Feature Story
2. HOT TOPIC
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

CVE List Surpasses 45,000 CVE Identifiers

The CVE Web site now contains 45,069 unique information security issues with
publicly known names. CVE, which began in 1999 with just 321 common names on
the CVE List, is considered the international standard for public software
vulnerability names. Information security professionals and product vendors
from around the world use CVE Identifiers (CVE-IDs) as a standard method for
identifying vulnerabilities, and for cross-linking among products, services,
and other repositories that use the identifiers.

The widespread adoption of CVE in enterprise security is illustrated by the
numerous CVE-Compatible Products and Services in use throughout industry,
government, and academia for vulnerability management, vulnerability
alerting, intrusion detection, and patch management. Major OS vendors and
other organizations from around the world also include CVE-IDs in their
security alerts to ensure that the international community benefits by
having the identifiers as soon as a problem is announced. CVE-IDs are also
used to uniquely identify vulnerabilities in public watch lists such as the
SANS Top Cyber Security Risks and OWASP Top 10 Web Application Security
Issues.

CVE has also inspired new efforts. MITRE's Common Weakness Enumeration (CWE)
dictionary of software weakness types is based in part on the CVE List, and
its Open Vulnerability and Assessment Language (OVAL) effort uses CVE-IDs
for its standardized OVAL Vulnerability Definitions that test systems for
the presence of CVEs. In addition, the U.S. National Vulnerability Database
(NVD) of CVE fix information that is synchronized with and based on the CVE
List also includes Security Content Automation Protocol (SCAP) content. SCAP
employs community standards to enable "automated vulnerability management,
measurement, and policy compliance evaluation (e.g., FISMA compliance)," and
CVE is one of the six existing open standards SCAP uses for enumerating,
evaluating, and measuring the impact of software problems and reporting
results.

Each of the 45,000+ identifiers on the CVE List includes the following: CVE
Identifier number (i.e., "CVE-1999-0067"); brief description of the security
vulnerability; and pertinent references such as vulnerability reports and
advisories or OVAL-ID. Visit the CVE List page to download the complete list
in various formats or to look up an individual identifier. Fix information
and enhanced searching of CVE are available from NVD.

LINKS:

CVE List - http://cve.mitre.org/cve/

NVD - http://nvd.nist.gov/

CVE-Compatible Products and Services -
http://cve.mitre.org/compatible/compatible.html

---------------------------------------------------------------
HOT TOPIC:

Visit the CVE/Making Security Measurable Booth at "RSA 2011," February 14-18

Members of the CVE Team will be in attendance at MITRE's Making Security
Measurable booth at "RSA 2011" underway right now at the Moscone Center in
San Francisco, California, USA.

Please stop by Booth 2617 and say hello!

LINKS:

RSA 2011 - http://www.rsaconference.com/2011/usa/

Making Security Measurable - http://makingsecuritymeasurable.mitre.org/

CVE Calendar - http://cve.mitre.org/news/calendar.html

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* 1 Product from Neusoft Corporation Now Registered as Officially
"CVE-Compatible"

Read these stories and more news at http://cve.mitre.org/news

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

Thursday, February 10, 2011

CVE Announce - February 11, 2011 (opt-in newsletter from the CVE Web site)

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/February 11, 2011
-------------------------------------------------------

Contents:

1. Feature Story
2. HOT TOPIC
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

CVE/Making Security Measurable Booth at "RSA 2011," February 14-18

MITRE is scheduled to host a Making Security Measurable booth at "RSA 2011"
at the Moscone Center in San Francisco, California, USA, on February 14-18,
2011. Attendees will learn how information security data standards such as
CVE, OVAL, CWE, CAPEC, MAEC, CCE, CEE, etc., facilitate both effective
security process coordination and the use of automation to assess, manage,
and improve the security posture of enterprise security information
infrastructures.

Members of the CVE Team will be in attendance. Please stop by Booth 2617 and
say hello!

LINKS:

RSA 2011 - http://www.rsaconference.com/2011/usa/

Making Security Measurable - http://makingsecuritymeasurable.mitre.org/

CVE Calendar - http://cve.mitre.org/news/calendar.html

---------------------------------------------------------------
HOT TOPIC:

1 Product from Neusoft Corporation Now Registered as Officially
"CVE-Compatible"

One additional information security product has achieved the final stage of
MITRE's formal CVE Compatibility Process and is now officially
"CVE-Compatible." The product is now eligible to use the CVE-Compatible
Product/Service logo, and a completed and reviewed "CVE Compatibility
Requirements Evaluation" questionnaire is posted for the product as part of
the organization's listing on the CVE-Compatible Products and Services page
on the CVE Web site. A total of 114 products to date have been recognized as
officially compatible.

The following products are now registered as officially "CVE-Compatible":

* Neusoft Corporation - NISG-IPS

Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.

For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.

LINKS:

Neusoft Corporation - http://www.neusoft.com/

CVE Compatibility Process - http://cve.mitre.org/compatible/process.html

CVE-Compatible Products - http://cve.mitre.org/compatible/

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* CVE/Making Security Measurable Booth at "Black Hat DC 2011"

Read these stories and more news at http://cve.mitre.org/news

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

Thursday, January 13, 2011

CVE Announce - January 14, 2011 (opt-in newsletter from the CVE Web site)

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/January 14, 2011
-------------------------------------------------------

Contents:

1. Feature Story
2. Upcoming Event
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

2 Products from Secunia Now Registered as Officially "CVE-Compatible"

Two additional information security products and services have achieved the
final stage of MITRE's formal CVE Compatibility Process and are now
officially "CVE-Compatible." The products and services are now eligible to
use the CVE-Compatible Product/Service logo, and a completed and reviewed
"CVE Compatibility Requirements Evaluation" questionnaire is posted for each
product as part of the organization's listing on the CVE-Compatible Products
and Services page on the CVE Web site. A total of 113 products to date have
been recognized as officially compatible.

The following products are now registered as officially "CVE-Compatible":

* Secunia
- Secunia Vulnerability Intelligence Manager (VIM)
- Secunia Vulnerability Database Website

Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.

For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.

LINKS:

Secunia - http://secunia.com/

CVE Compatibility Process - http://cve.mitre.org/compatible/process.html

CVE-Compatible Products - http://cve.mitre.org/compatible/

---------------------------------------------------------------
UPCOMING EVENT:

CVE/Making Security Measurable Booth at "Black Hat DC 2011," January 18-19

MITRE will host a CVE/Making Security Measurable booth at "Black Hat DC
2011," on January 18-19, 2011 in Arlington, Virginia, USA. Attendees will
learn how information security data standards facilitate both effective
security process coordination and the use of automation to assess, manage,
and improve the security posture of enterprise security information
infrastructures. Please stop by Booth #9 and say hello!

Visit the CVE Calendar for information on this and other events.

LINKS:

Black Hat DC 2011 - http://www.blackhat.com/

Making Security Measurable - http://makingsecuritymeasurable.mitre.org/

CVE Calendar - http://cve.mitre.org/news/calendar.html

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* Radware Ltd. Makes Declaration of CVE Compatibility

* MITRE Announces Initial "Making Security Measurable" Calendar of Events
for 2011

Read these stories and more news at http://cve.mitre.org/news

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
