Welcome to the latest edition of the CVE-Announce e-newsletter. This email
newsletter is designed to bring recent news about CVE, such as new versions,
upcoming conferences, new Web site features, etc. right to your email box.
Common Vulnerabilities and Exposures (CVE) is the standard for information
security vulnerability names. CVE content results from the collaborative
efforts of the CVE Editorial Board, which is comprised of leading
representatives from the information security community. Details on
subscribing (and unsubscribing) to the email newsletter are at the end.
Please feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/April 13, 2011
-------------------------------------------------------
Contents:
1. Feature Story
2. Upcoming Event
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
CVE Included in Department of Homeland Security's "Enabling Distributed
Security in Cyberspace" White Paper
CVE was included in the U.S. Department of Homeland Security (DHS) "Enabling
Distributed Security in Cyberspace" white paper published on March 23, 2011
on the DHS Web site Blog. The main topic of the white paper is "how
prevention and defense can be enhanced through three security building
blocks: automation, interoperability, and authentication. If these building
blocks were incorporated into cyber devices and processes, cyber
stakeholders would have significantly stronger means to identify and respond
to threats - creating and exchanging trusted information and coordinating
courses of action in near real time."
The paper defines Interoperability as already being "enabled through an
approach that has been refined over the past decade by many in industry,
academia, and government. It is an information-oriented approach, generally
referred to as [cyber] security content automation ..." and describes that
approach as comprising (1) Enumerations "of the fundamental entities of
cybersecurity", for which it lists CVE, CCE, CPE, CWE, and CAPEC; (2)
Languages and Formats that "incorporate enumerations and support the
creation of machine-readable security state assertions, assessment results,
audit logs, messages, and reports", for which it lists OVAL, CEE, and MAEC;
and (3) Knowledge Repositories that "contain a broad collection of best
practices, benchmarks, profiles, standards, templates, checklists, tools,
guidelines, rules, and principles, among others" and that are based upon or
incorporate data from these standards.
The paper also states that these eight established community enumeration and
language standards that have been in use within the community for years can
be further leveraged moving forward because they are "standards [that] build
upon themselves to expand functionality over time", and projections of that
expanding utility are provided through 2014.
LINKS:
DHS white paper -
http://www.dhs.gov/xlibrary/assets/nppd-cyber-ecosystem-white-paper-03-23-2011.pdf
CVE - http://cve.mitre.org/
CCE - http://cce.mitre.org/
CPE - http://cpe.mitre.org/
CWE - http://cwe.mitre.org/
CAPEC - http://capec.mitre.org/
CEE - http://cee.mitre.org/
MAEC - http://maec.mitre.org/
OVAL - http://oval.mitre.org/
---------------------------------------------------------------
UPCOMING EVENT:
MITRE to Host CVE/Making Security Measurable Booth at "InfoSec World 2011,"
April 19-21
MITRE will host a CVE/Making Security Measurable booth at "InfoSec World
Conference & Expo 2011" at Disney's Contemporary Resort in Orlando, Florida,
USA, on April 19-21, 2011.
Members of the CVE Team will be in attendance. Please stop by Booth 307 and
say hello!
Visit the CVE Calendar for information on this and other events.
LINKS:
InfoSec World 2011 - http://www.misti.com/infosecworld
Making Security Measurable - http://measurablesecurity.mitre.org/
CVE Calendar - http://cve.mitre.org/news/calendar.html
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* Hangzhou DPtech Technologies Co., Ltd. Makes Two Declarations of CVE
Compatibility
* Fortinet, Inc. Makes Declaration of CVE Compatibility
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message: "SIGNOFF
CVE-Announce-list", then send the message to listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
Copyright 2011, The MITRE Corporation. CVE and the CVE logo are registered
trademarks of The MITRE Corporation.
For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more about
Making Security Measurable at http://measurablesecurity.mitre.org.