newsletter is designed to bring recent news about CVE, such as new versions,
upcoming conferences, new Web site features, etc. right to your email box.
Common Vulnerabilities and Exposures (CVE) is the standard for information
security vulnerability names. CVE content results from the collaborative
efforts of the CVE Editorial Board, which is comprised of leading
representatives from the information security community. Details on
subscribing (and unsubscribing) to the email newsletter are at the end.
Please feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/December 16, 2011
-------------------------------------------------------
Contents:
1. Feature Story
2. HOT TOPIC
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
CVE-IDs Now Mapped to DISA's Information Assurance Vulnerability Alerts
CVE-IDs are now mapped to the U.S. Defense Information System Agency's
(DISA) Information Assurance Vulnerability Management (IAVM) alerts, free
downloads of which are available in Microsoft Excel (XLS) and Extensible
Markup Language (XML) format on DISA's public Security Technical
Implementation Guides (STIG) Web site at
http://iase.disa.mil/stigs/index.html.
LINKS:
IAVA CVE Mappings - http://iase.disa.mil/stigs/iavm-cve.html
CVE List - http://cve.mitre.org/cve/
---------------------------------------------------------------
HOT TOPIC:
CVE Mentioned in U.S. Department of Homeland Security's "Blueprint for a
Secure Cyber Future"
CVE is mentioned in the December 12, 2011 release of the Department of
Homeland Security's "Blueprint for a Secure Cyber Future: The Cybersecurity
Strategy for the Homeland Security Enterprise" on the DHS Web site.
The blueprint, as described on the DHS blog, "outlines an integrated
approach to enable the homeland security community to leverage existing
capabilities and promote technological advances that make government, the
private sector and the public safer, more secure, and more resilient online.
Specific actions outlined in the strategy range from hardening critical
networks and prosecuting cybercrime to raising public awareness and training
a national cybersecurity workforce. Cybersecurity is a shared
responsibility, and each of us has a role to play. In today's interconnected
world, emerging cyber threats require the engagement of our entire society
including government and law enforcement, the private sector, and members of
the public. In preparing this strategy, the Department benefited from the
constructive engagement of representatives from state and local governments,
industry, academia, non-governmental organizations, and many dedicated
individuals from across the country. As we implement this strategy, DHS will
continue to work with partners across the homeland security enterprise to
implement the goals outlined in the Blueprint."
CVE is mentioned in the blueprint itself as one of two "Core capabilities
for the homeland security enterprise in the "Increase Technical and Policy
Interoperability Across Devices" subsection of the "Build Collaborative
Communities" section of the blueprint, as follows: "On a device-to-device
level, strengthen collaboration, create new intelligence, hasten learning,
and improve situational awareness ... A proven ability to communicate about
cyber incidents through standardized dictionaries of key informational
elements, including software vulnerabilities, weaknesses, patterns of
attack, and malware classification as well as security content that is
structured for automated sharing where appropriate. Resources include the
National Vulnerability Database, Common Vulnerabilities and Exposures (CVE),
and the Information Assurance Checklists housed on the National Checklist
Program."
The blueprint is available for free download at
http://www.dhs.gov/files/publications/blueprint-for-a-secure-cyber-future.sh
tm.
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* CVE Included in Article about Tool that Automatically Detects
Vulnerabilities in Embedded Linux Libraries in "SC Magazine"
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
Copyright 2011, The MITRE Corporation. CVE and the CVE logo are registered
trademarks of The MITRE Corporation.
For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more about
Making Security Measurable at http://measurablesecurity.mitre.org.
No comments:
Post a Comment