CVE Announce - July 28, 2011 (opt-in newsletter from the CVE Web site)

Welcome to the latest edition of the CVE-Announce e-newsletter. This email
newsletter is designed to bring recent news about CVE, such as new versions,
upcoming conferences, new Web site features, etc. right to your email box.
Common Vulnerabilities and Exposures (CVE) is the standard for information
security vulnerability names. CVE content results from the collaborative
efforts of the CVE Editorial Board, which is comprised of leading
representatives from the information security community. Details on
subscribing (and unsubscribing) to the email newsletter are at the end.
Please feel free to pass this newsletter on to interested colleagues.

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/July 28, 2011
-------------------------------------------------------

Contents:

1. Feature Story
2. Also in this Issue
3. Details/Credits + Subscribing and Unsubscribing

FEATURE STORY:

CVE/Making Security Measurable Booth at "Black Hat Briefings 2011"

MITRE will host a CVE/Making Security Measurable booth at "Black Hat
Briefings 2011" on August 3-4, 2011 at Caesars Palace Las Vegas in Las
Vegas, Nevada, USA.

Please visit us at Booth 307 and say hello!

Visit the CVE Calendar for information on this and other events.

LINKS:

Black Hat Briefings 2011 - http://www.blackhat.com/

Making Security Measurable - http://measurablesecurity.mitre.org/

CVE Calendar - http://cve.mitre.org/news/calendar.html

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* SECUI.COM Corporation Makes Declaration of CVE Compatibility

* 1 Product from Fortinet, Inc. Now Registered as Officially
"CVE-Compatible"

Read these stories and more news at http://cve.mitre.org/news

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

Copyright 2011, The MITRE Corporation. CVE and the CVE logo are registered
trademarks of The MITRE Corporation.

For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more about
Making Security Measurable at http://measurablesecurity.mitre.org.

CVE Announce - July 6, 2011 (opt-in newsletter from the CVE Web site)

Welcome to the latest edition of the CVE-Announce e-newsletter. This email
newsletter is designed to bring recent news about CVE, such as new versions,
upcoming conferences, new Web site features, etc. right to your email box.
Common Vulnerabilities and Exposures (CVE) is the standard for information
security vulnerability names. CVE content results from the collaborative
efforts of the CVE Editorial Board, which is comprised of leading
representatives from the information security community. Details on
subscribing (and unsubscribing) to the email newsletter are at the end.
Please feel free to pass this newsletter on to interested colleagues.

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/July 6, 2011
-------------------------------------------------------

Contents:

1. Feature Story
2. Hot Topic
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing

FEATURE STORY:

1 Product from Fortinet, Inc. Now Registered as Officially "CVE-Compatible"

One additional information security product has achieved the final stage of
MITRE's formal CVE Compatibility Process and is now officially
"CVE-Compatible." The product is now eligible to use the CVE-Compatible
Product/Service logo, and a completed and reviewed "CVE Compatibility
Requirements Evaluation" questionnaire is posted for the product as part of
the organization's listing on the CVE-Compatible Products and Services page
on the CVE Web site. A total of 121 products to-date have been recognized as
officially compatible.

The following product is now registered as officially "CVE-Compatible":

* Fortinet, Inc. - FortiGuard

Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.

For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.

LINKS:

Fortinet, Inc. - http://cve.mitre.org/compatible/questionnaires/135.html

CVE Compatibility Process - http://cve.mitre.org/compatible/process.html

CVE-Compatible Products - http://cve.mitre.org/compatible/

---------------------------------------------------------------
HOT TOPIC:

CVE Included as Reporting Requirement in 2011 FISMA Continuous Monitoring
Compliance Document

CVE was included in the "2011 Chief Information Officer Federal Information
Security Management Act Reporting Metrics" document issued on June 1, 2011
by the U.S. Department of Homeland Security and National Institute of
Standards and Technology. The document provides cybersecurity status
reporting metrics for government agencies under the Federal Information
Security Management Act (FISMA) that focus on the ability to automate system
monitoring and security controls.

CVE is included as a reporting requirement in Section 4, Vulnerability
Management: "Provide the number of Agency information technology assets
where an automated capability provides visibility at the Agency level into
detailed vulnerability information (Common Vulnerabilities and Exposures -
CVE)."

CVE is included again as a reporting requirement in Section 12, Software
Assurance, subsection 12.1b., which states: "Provide the number of the
information systems above (12.1a) where the tools generated output compliant
with: 12.1b (1). Common Vulnerabilities and Exposures (CVE) 12.1b (2).
Common Weakness Enumeration (CWE) 12.1b (3). Common Vulnerability Scoring
System (CVSS) 12.1b (4). Open Vulnerability and Assessment Language (OVAL)."

LINK:

2011 FISMA Continuous Monitoring Compliance Document -
http://www.sans.org/critical-security-controls/fisma.pdf

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* SECUI.COM Corporation Makes Declaration of CVE Compatibility

* Briefing Slides from MITRE's "Security Automation Developer Days 2011" Now
Available

* CVE Mentioned in "Government Computer News" Article about Security
Reporting Metrics

Read these stories and more news at http://cve.mitre.org/news

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

Copyright 2011, The MITRE Corporation. CVE and the CVE logo are registered
trademarks of The MITRE Corporation.

For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more about
Making Security Measurable at http://measurablesecurity.mitre.org.