newsletter is designed to bring recent news about CVE, such as new versions,
upcoming conferences, new Web site features, etc. right to your email box.
Common Vulnerabilities and Exposures (CVE) is the standard for information
security vulnerability names. CVE content results from the collaborative
efforts of the CVE Editorial Board, which is comprised of leading
representatives from the information security community. Details on
subscribing (and unsubscribing) to the email newsletter are at the end.
Please feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/May 10, 2011
-------------------------------------------------------
Contents:
1. Feature Story
2. Hot Topic
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
MITRE to Host "Security Automation Developer Days 2011" on June 14-17
MITRE Corporation will host the third "Security Automation Developer Days"
conference on June 14-17, 2011, at MITRE in Bedford, Massachusetts, USA.
This four-day conference is technical in nature and will focus on the U.S.
National Institute of Standards and Technology's (NIST) Security Content
Automation Protocol (SCAP).
The purpose of the event is for the community to discuss SCAP - and those
existing standards upon which it is based including CVE, Open Vulnerability
and Assessment Language (OVAL), Common Configuration Enumeration (CCE),
Common Platform Enumeration (CPE), Extensible Configuration Checklist
Description Format (XCCDF), etc. - in technical detail and to derive
solutions that benefit all concerned parties. All current and emerging SCAP
standards are addressed at this workshop. MITRE first hosted Developer Days
in 2005 and has been running them annually ever since. The model for these
technical exchanges has since been adopted as the format used by the
Security Automation community.
An agenda will be available soon. For registration, lodging, and other
conference details, please visit: https://register.mitre.org/devdays/.
LINKS:
SCAP - http://scap.nist.gov/
CVE - http://cve.mitre.org/
OVAL - http://oval.mitre.org/
CCE - http://cce.mitre.org/
CPE - http://cpe.mitre.org/
Conference Registration - https://register.mitre.org/devdays/
---------------------------------------------------------------
HOT TOPIC:
CVE Mentioned in Article about Cybersecurity Collaboration in
"InformationWeek"
CVE was mentioned in an article entitled "Why Cybersecurity Partnerships
Matter" in "InformationWeek" on March 26, 2011. The main topic of the
article is why the "public and private sectors must collaborate in new ways
to ward off dangerous threats to critical systems and IT infrastructure."
The author describes three ways such partnerships can improve cybersecurity:
"First, the public and private sectors need to share more information - more
parties must be included and new platforms used. Second, they must pay more
attention to defending against attacks that threaten critical IT
infrastructure and even damage physical facilities. Third, their
collaboration must be ratcheted up to the next level - real-time
identification and response as threats occur" [and so security practices are
proactive and preemptive rather than reactionary]."
CVE is mentioned when the author states: "The opportunity is in harnessing a
wider array of perspectives and ideas than happens now with a closed loop of
participants. We know it's possible because we do it already with software
and hardware vulnerabilities in the form of the Common Vulnerability and
Exposures, or CVE. With MITRE as the editor and numbering authority for CVE
identifiers, data gets collected and used across the industry."
LINKS:
InformationWeek article -
http://www.informationweek.com/news/government/security/229301141
CVE - http://cve.mitre.org/
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* MITRE Hosts CVE/Making Security Measurable Booth at "InfoSec World 2011"
* CVE Included in Department of Homeland Security's "Enabling Distributed
Security in Cyberspace" White Paper
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
Copyright 2011, The MITRE Corporation. CVE and the CVE logo are registered
trademarks of The MITRE Corporation.
For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more about
Making Security Measurable at http://measurablesecurity.mitre.org.
