Thursday, December 20, 2012
CVE Announce - December 21, 2012 (opt-in newsletter from the CVE Web site)
This newsletter is designed to bring recent news about CVE, such as new versions,
upcoming conferences, new Web site features, etc., right to your email box.
Common Vulnerabilities and Exposures (CVE) is the standard for information
security vulnerability names. CVE content results from the collaborative
efforts of the CVE Editorial Board, which is comprised of leading
representatives from the information security community. Details on
subscribing (and unsubscribing) to the email newsletter are at the end.
Please feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/December 21, 2012
-------------------------------------------------------
Contents:
1. Feature Story
2. Hot Topic
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
2 Products from Huawei Technologies Now Registered as Officially
"CVE-Compatible"
Two additional information security products and services have achieved the
final stage of MITRE's formal CVE Compatibility Process and are now
officially "CVE-Compatible." The products and services are now eligible to
use the CVE-Compatible Product/Service logo, and a completed and reviewed
"CVE Compatibility Requirements Evaluation" questionnaire is posted for each
product as part of the organization's listing on the CVE-Compatible Products
and Services page on the CVE Web site. A total of 135 products to date have
been recognized as officially compatible.
The following products are now registered as officially "CVE-Compatible":
* Huawei Technologies Co., Ltd.'s
- Huawei Network Intelligent Protection System (NIP)
- Huawei Network Intrusion Detection System (NIP D)
Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.
For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.
LINKS:
Huawei NIP D - http://cve.mitre.org/compatible/questionnaires/150.html
Huawei NIP - http://cve.mitre.org/compatible/questionnaires/149.html
CVE Compatibility Process - http://cve.mitre.org/compatible/process.html
CVE Compatibility Requirements -
http://cve.mitre.org/compatible/requirements.html
CVE-Compatible Products and Services - http://cve.mitre.org/compatible/
Make a Declaration - http://cve.mitre.org/compatible/make_a_declaration.html
---------------------------------------------------------------
HOT TOPIC:
Mozilla and Symantec Added as CVE Numbering Authorities (CNAs)
Mozilla Corporation and Symantec Corporation are now listed as Software Vendors
on the CVE Numbering Authority (CNA) page. CNAs are organizations that
distribute CVE-ID numbers to researchers and information technology vendors
for inclusion in first-time public announcements of new vulnerabilities,
without directly involving MITRE in the details of the specific
vulnerabilities.
Learn more about CNAs, including an introduction to CVE-ID reservation, role
and requirements of CNAs, vendor liaisons, researcher responsibilities, and
the process for requesting CVE-ID numbers, on the CVE Numbering Authority
(CNA) page in the CVE List section.
LINKS:
Mozilla - http://www.mozilla.org/en-US/
Symantec - http://www.symantec.com/
CVE Numbering Authority (CNA) page -
http://cve.mitre.org/cve/cna.html#participating_cnas
CVE List - http://cve.mitre.org/cve
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* Opzoon Technology Makes Three Declarations of CVE Compatibility
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
Copyright 2012, The MITRE Corporation. CVE and the CVE logo are registered
trademarks of The MITRE Corporation.
For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more about
Making Security Measurable at http://measurablesecurity.mitre.org.
Wednesday, December 12, 2012
CVE Announce - December 13, 2012 (opt-in newsletter from the CVE Web site)
-------------------------------------------------------
CVE-Announce e-newsletter/December 13, 2012
-------------------------------------------------------
Contents:
1. Feature Story
2. Hot Topic
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
1 Product from NGS Software Now Registered as Officially "CVE-Compatible"
One additional information security product has achieved the final stage of
MITRE's formal CVE Compatibility Process and is now officially
"CVE-Compatible." The product is now eligible to use the CVE-Compatible
Product/Service logo, and a completed and reviewed "CVE Compatibility
Requirements Evaluation" questionnaire is posted for the product as part of
the organization's listing on the CVE-Compatible Products and Services page
on the CVE Web site. A total of 133 products to date have been recognized as
officially compatible.
The following product is now registered as officially "CVE-Compatible":
* NGS Software - NGS SQuirreL for Oracle
Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.
For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.
LINKS:
NGS SQuirreL for Oracle -
http://cve.mitre.org/compatible/questionnaires/148.html
CVE Compatibility Process - http://cve.mitre.org/compatible/process.html
CVE Compatibility Requirements -
http://cve.mitre.org/compatible/requirements.html
CVE-Compatible Products and Services - http://cve.mitre.org/compatible/
Make a Declaration - http://cve.mitre.org/compatible/make_a_declaration.html
---------------------------------------------------------------
HOT TOPIC:
ICS-CERT Added as a CVE Numbering Authority
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is now
listed as a third-party coordinator on the CVE Numbering Authority (CNA)
page. CNAs are organizations that distribute CVE-ID numbers to researchers
and information technology vendors for inclusion in first-time public
announcements of new vulnerabilities, without directly involving MITRE in
the details of the specific vulnerabilities.
Learn more about CNAs, including an introduction to CVE-ID reservation, role
and requirements of CNAs, vendor liaisons, researcher responsibilities, and
the process for requesting CVE-ID numbers, on the CVE Numbering Authority
(CNA) page in the CVE List section.
LINKS:
ICS-CERT - http://www.us-cert.gov/control_systems/ics-cert/
CVE Numbering Authority (CNA) page -
http://cve.mitre.org/cve/cna.html#participating_cnas
CVE List - http://cve.mitre.org/cve
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* Hewlett-Packard Makes Declaration of CVE Compatibility
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Tuesday, September 25, 2012
CVE Announce - September 25, 2012 (opt-in newsletter from the CVE Web site)
-------------------------------------------------------
CVE-Announce e-newsletter/September 25, 2012
-------------------------------------------------------
Contents:
1. Feature Story
2. Upcoming Event
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
"IT Security Automation Conference 2012," October 3-5 in Baltimore,
Maryland, USA
"ITSAC 2012" is a 3-day event that includes tutorials, conference
proceedings, workshops, opportunities to network and exchange ideas with
your peers in the federal government and private industry sectors, and an
exhibit hall that will offer a chance for the vendors of SCAP and other
tools to demonstrate how their technology meets the standards for
developers, integrators and end-users.
Topics include: strategies for implementing continuous monitoring; using
security automation tools and technologies to ease the technical burdens of
policy compliance; and innovative uses of automation across the enterprise
in both federal government and industry applications. Security automation
leverages standards and specifications to reduce the complexity and time
necessary to manage vulnerabilities, measure security, and ensure
compliance, freeing resources to focus on other areas of the IT
infrastructure.
"ITSAC 2012" will provide public and private sector executives, security
managers and staff, IT professionals, and developers of products and
services with a common understanding for using specific open standards and
new security technologies across various domains of interest including:
* Enabling interoperability across tools
* Automation of risk mitigation measures
* Defining continuous monitoring
* Cloud, virtualization, and continuous monitoring
* New and proven assessment capabilities
* Automating integration of network security systems
* Getting network security basics right
* Future landscape of IT security threats
* Using processes and tools to make practical risk-based decisions
* Impact of mobile devices
* Situational awareness with continuous compliance
"ITSAC 2012" is a forward-looking event focused on innovative and emerging
technologies. Sessions throughout "ITSAC 2012", across multiple tracks, will
incorporate a discussion of these technologies and an analysis of how they
will help security.
LINKS:
ITSAC Registration - https://itsac.g2planet.com/itsac2012
ITSAC Agenda - https://itsac.g2planet.com/itsac2012/2012_ITSAC_Agenda.pdf
ITSAC Flyer - http://scap.nist.gov/events/8thAnnualSAC.PDF
CVE Calendar - http://cve.mitre.org/news/calendar.html
---------------------------------------------------------------
UPCOMING EVENT:
MITRE to Host CVE/Making Security Measurable Booth at "IT Security
Automation Conference 2012," October 3-5
MITRE will host a CVE/Making Security Measurable booth at "IT Security
Automation Conference 2012" on October 3-5, 2012 at the Baltimore Convention
Center in Baltimore Inner Harbor, Maryland, USA.
Please visit us at Booth 23 and say hello!
Visit the CVE Calendar for information on this and other events.
LINKS:
ITSAC 2012 - http://scap.nist.gov/events/
Making Security Measurable - http://measurablesecurity.mitre.org
CVE Calendar - http://cve.mitre.org/news/calendar.html
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* CVE, CWE, and CWE/SANS Top 25 Mentioned in Article about Supply Chain Risk
Management in "CrossTalk Magazine"
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Monday, September 10, 2012
Summer Dev Days Minutes are Available
We have just posted the minutes from Security Automation Developer Days 2012 that was held at MITRE, Bedford last July. To access the minutes, please jump to http://measurablesecurity.mitre.org/participation/devdays.html#summer2012
And then click on the link to the minutes.
Steve
______________________________________________
The MITRE Corporation
Office: (781) 271-7682
Cell: (978) 302-3849
Monday, July 30, 2012
CVE Announce - July 31, 2012 (opt-in newsletter from the CVE Web site)
-------------------------------------------------------
CVE-Announce e-newsletter/July 31, 2012
-------------------------------------------------------
Contents:
1. Feature Story
2. Upcoming Event
3. Hot Topic
4. Also in this Issue
5. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
2 Products from 2 Organizations Now Registered as Officially "CVE-Compatible"
Two additional information security products have achieved the final stage
of MITRE's formal CVE Compatibility Process and are now officially
"CVE-Compatible." The products are now eligible to use the CVE-Compatible
Product/Service logo, and a completed and reviewed "CVE Compatibility
Requirements Evaluation" questionnaire is posted for each product as part of
the organization's listing on the CVE-Compatible Products and Services page
on the CVE Web site. A total of 132 products to date have been recognized as
officially compatible.
The following products are now registered as officially "CVE-Compatible":
* Beijing Venustech Cybervision Co., Ltd. - Venusense Web Application
Gateway (Venusense WAG)
* High-Tech Bridge SA - High-Tech Bridge Security Advisories
Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.
For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.
LINKS:
Beijing Venustech Cybervision -
http://cve.mitre.org/compatible/questionnaires/147.html
High-Tech Bridge - http://cve.mitre.org/compatible/questionnaires/146.html
CVE Compatibility Process - http://cve.mitre.org/compatible/process.html
CVE-Compatible Products and Services - http://cve.mitre.org/compatible/
Make a Declaration - http://cve.mitre.org/compatible/make_a_declaration.html
---------------------------------------------------------------
UPCOMING EVENT:
MITRE to Host CVE/Making Security Measurable Booth at "2012 Information
Assurance Expo," August 27-30
MITRE will host a CVE/Making Security Measurable booth at "2012 Information
Assurance Expo" on August 27-30, 2012 at Gaylord Opryland Resort and
Convention Center in Nashville, Tennessee, USA. Please visit us at Booth 217
and say hello!
Visit the CVE Calendar for information on this and other events.
LINKS:
2012 Information Assurance Expo - http://www.informationassuranceexpo.com/
Making Security Measurable - http://measurablesecurity.mitre.org
CVE Calendar - http://cve.mitre.org/news/calendar.html
---------------------------------------------------------------
HOT TOPIC:
CVE, CWE, and CWE/SANS Top 25 Mentioned in Article about Supply Chain Risk
Management in "CrossTalk Magazine"
CVE, Common Weakness Enumeration (CWE), and the CWE/SANS Top 25 Most
Dangerous Programming Errors List are mentioned in an article entitled
"Supply Chain Risk Management" in the March/April 2012 issue of "CrossTalk
Magazine: The Journal of Defense Software Engineering."
CVE, CWE, and the CWE/SANS Top 25 are mentioned in phase 2 of a section
entitled "A Three-phase Code Analysis Process": "Look for common
vulnerability patterns ... analysts [should] make sure that code reviews cover
the most common vulnerabilities and weaknesses. Sources for such common
vulnerabilities and weaknesses include the Common Vulnerabilities and
Exposures (CVE) and Common Weaknesses Enumeration (CWE) databases,
maintained by the MITRE Corporation and accessible on the web at:
<http://cve.mitre.org/cve/> and <http://cwe.mitre.org/>. MITRE, in
cooperation with the SANS Institute, also maintains a list of the "Top 25
Most Dangerous Programming Errors [13]" that can lead to serious
vulnerabilities. The top three classes of errors as of December 2010 were
cross-site scripting, SQL injection, and buffer overflows. Static code
analysis tool and manual techniques should at a minimum, address these Top
25." CWE and the CWE/SANS Top 25 are cited again and described in more
detail at the end of the article in a section entitled "Useful Links".
LINKS:
CrossTalk Magazine article -
http://www.crosstalkonline.org/storage/issue-archives/2012/201203/201203-0-Issue.pdf
CWE - http://cwe.mitre.org/
CWE/SANS Top 25 - http://cwe.mitre.org/top25/index.html
CVE - http://cve.mitre.org/
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* Huawei Technologies Co., Ltd. Makes 2 Declarations of CVE Compatibility
* BroadWeb Corporation, Ltd. Makes 2 Declarations of CVE Compatibility
* Briefing Slides from "Security Automation Developer Days 2012" Now
Available
* MITRE Hosts CVE/Making Security Measurable Booth at "Black Hat Briefings
2012"
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Monday, June 11, 2012
CVE Announce - June 11, 2012 (opt-in newsletter from the CVE Web site)
-------------------------------------------------------
CVE-Announce e-newsletter/June 11, 2012
-------------------------------------------------------
Contents:
1. Feature Story
2. Hot Topic
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
1 Product from Positive Technologies Now Registered as Officially
"CVE-Compatible"
One additional information security product has achieved the final stage of
MITRE's formal CVE Compatibility Process and is now officially
"CVE-Compatible." The product is now eligible to use the CVE-Compatible
Product/Service logo, and a completed and reviewed "CVE Compatibility
Requirements Evaluation" questionnaire is posted for the product as part of
the organization's listing on the CVE-Compatible Products and Services page
on the CVE Web site. A total of 130 products to date have been recognized as
officially compatible.
The following product is now registered as officially "CVE-Compatible":
* Positive Technologies CJSC - MaxPatrol
Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.
For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.
LINKS:
Positive Technologies -
http://cve.mitre.org/compatible/questionnaires/145.html
CVE Compatibility Process - http://cve.mitre.org/compatible/process.html
CVE-Compatible Products and Services - http://cve.mitre.org/compatible/
Make a Declaration - http://cve.mitre.org/compatible/make_a_declaration.html
---------------------------------------------------------------
HOT TOPIC:
Agenda Now Available for "Security Automation Developer Days 2012" on July
9-13
The agenda for MITRE's free "Security Automation Developer Days 2012"
conference scheduled for July 9-13, 2012 at MITRE in Bedford, Massachusetts,
USA is now available at https://register.mitre.org/devdays/agenda.pdf.
For registration, lodging, and other conference details visit the conference
registration page. Please note that registration will close this week on
FRIDAY, JUNE 15.
LINKS:
Developer Days Agenda - https://register.mitre.org/devdays/agenda.pdf
Developer Days Registration - https://register.mitre.org/devdays
SCAP - http://scap.nist.gov/
CVE Calendar - http://cve.mitre.org/news/calendar.html
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* New CVE Editorial Board Member for Cisco
* CVE List Surpasses 50,000 CVE Identifiers
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Wednesday, May 16, 2012
CVE Announce - May 16, 2012 (opt-in newsletter from the CVE Web site)
-------------------------------------------------------
CVE-Announce e-newsletter/May 16, 2012
-------------------------------------------------------
Contents:
1. Feature Story
2. Upcoming Event
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
1 Product from Beijing Venustech Now Registered as Officially
"CVE-Compatible"
One additional information security product has achieved the final stage of
MITRE's formal CVE Compatibility Process and is now officially
"CVE-Compatible." The product is now eligible to use the CVE-Compatible
Product/Service logo, and a completed and reviewed "CVE Compatibility
Requirements Evaluation" questionnaire is posted for the product as part of
the organization's listing on the CVE-Compatible Products and Services page
on the CVE Web site. A total of 129 products to date have been recognized as
officially compatible.
The following product is now registered as officially "CVE-Compatible":
* Beijing Venustech Cybervision Co., Ltd. - Beijing Venustech (Venusense
UTM)
Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.
For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.
LINKS:
Beijing Venustech - http://cve.mitre.org/compatible/questionnaires/144.html
CVE Compatibility Process - http://cve.mitre.org/compatible/process.html
CVE-Compatible Products and Services - http://cve.mitre.org/compatible/
Make a Declaration - http://cve.mitre.org/compatible/make_a_declaration.html
---------------------------------------------------------------
UPCOMING EVENT:
Registration Now Open for "Security Automation Developer Days 2012" on July
9-13
MITRE Corporation will host the fourth "Security Automation Developer Days"
conference on July 9-13, 2012, at MITRE in Bedford, Massachusetts, USA. This
five-day conference is technical in nature and will focus on the U.S.
National Institute of Standards and Technology's (NIST) Security Content
Automation Protocol (SCAP).
The purpose of the event is for the community to discuss SCAP - and those
existing standards upon which it is based including Common Configuration
Enumeration (CCE), Common Platform Enumeration (CPE), Open Vulnerability and
Assessment Language (OVAL), Extensible Configuration Checklist Description
Format (XCCDF) - in technical detail and to derive solutions that benefit
all concerned parties. All current and emerging SCAP standards are addressed
at this workshop.
MITRE first hosted Developer Days in 2005 and has been running them annually
ever since. The model for these technical exchanges has since been adopted
as the format used by the Security Automation community.
An agenda will be available soon. For registration, lodging, and other
conference details, please visit: https://register.mitre.org/devdays/.
LINKS:
Security Automation Developer Days 2012 - https://register.mitre.org/devdays
SCAP - http://scap.nist.gov/
Current SCAP Standards - http://scap.nist.gov/revision/index.html
Emerging SCAP Standards - http://scap.nist.gov/emerging-specs/index.html
CVE Calendar - http://cve.mitre.org/news/calendar.html
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* New CVE Editorial Board Member for Cisco
* CVE List Surpasses 50,000 CVE Identifiers
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
Copyright 2012, The MITRE Corporation. CVE and the CVE logo are registered
trademarks of The MITRE Corporation.
For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more about
Making Security Measurable at http://measurablesecurity.mitre.org.
Tuesday, May 8, 2012
CVE Announce - May 8, 2012 (opt-in newsletter from the CVE Web site)
-------------------------------------------------------
CVE-Announce e-newsletter/May 8, 2012
-------------------------------------------------------
Contents:
1. Feature Story
2. Also in this Issue
3. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
CVE List Surpasses 50,000 CVE Identifiers
The CVE Web site now contains 50,062 unique information security issues with
publicly known names. CVE, which began in 1999 with just 321 common names on
the CVE List, is considered the international standard for public software
vulnerability names. Information security professionals and product vendors
from around the world use CVE Identifiers (CVE-IDs) as a standard method for
identifying vulnerabilities, and for cross-linking among products, services,
and other repositories that use the identifiers.
The widespread adoption of CVE in enterprise security is illustrated by the
numerous CVE-Compatible Products and Services in use throughout industry,
government, and academia for vulnerability management, vulnerability
alerting, intrusion detection, and patch management. Major OS vendors and
other organizations from around the world also include CVE-IDs in their
security alerts to ensure that the international community benefits by
having the identifiers as soon as a problem is announced. In addition,
CVE-IDs have been used to identify vulnerabilities in the SANS Top Cyber
Security Risks threat list since its inception in 2000.
CVE has also inspired new efforts. MITRE's Common Weakness Enumeration (CWE)
dictionary of software weakness types is based in part on the CVE List, and
its Open Vulnerability and Assessment Language (OVAL) effort uses CVE-IDs
for its standardized OVAL Vulnerability Definitions that test systems for
the presence of CVEs. In addition, the U.S. National Vulnerability Database
(NVD) of CVE fix information, which is synchronized with and based on the CVE
List, also includes Security Content Automation Protocol (SCAP) content. SCAP
employs community standards to enable "automated vulnerability management,
measurement, and policy compliance evaluation (e.g., FISMA compliance)," and
CVE is one of the eight existing open standards SCAP uses for enumerating,
evaluating, and measuring the impact of software problems and reporting
results.
And in 2011, the International Telecommunication Union's (ITU-T)
Cybersecurity Rapporteur Group, which is the telecom/information system
standards body within the treaty-based 150-year-old intergovernmental
organization, adopted CVE as a part of its new "Global Cybersecurity
Information Exchange techniques (X.CYBEX)" by issuing "Recommendation ITU-T
X.1520 Common Vulnerabilities and Exposures (CVE)", which is based upon CVE's
current Compatibility Requirements. Any future changes to the document
will be reflected in subsequent updates to X.CVE.
Each of the 50,000+ identifiers on the CVE List includes the following: CVE
Identifier number (e.g., "CVE-1999-0067"); brief description of the security
vulnerability; and pertinent references such as vulnerability reports and
advisories or OVAL-ID. Visit the CVE List page to download the complete list
in various formats or to look up an individual identifier. Fix information
and enhanced searching of CVE are available from NVD.
LINKS:
CVE List - http://cve.mitre.org/cve/
About CVE Identifiers - http://cve.mitre.org/cve/identifiers/index.html
CVE-Compatible Products and Services - http://cve.mitre.org/compatible/
CVE Compatibility Requirements -
http://cve.mitre.org/compatible/requirements.html
Security Alerts including CVE-IDs -
http://cve.mitre.org/compatible/alerts_announcements.html
SANS Top Cyber Security Risks -
http://www.sans.org/top-cyber-security-risks/
NVD - http://nvd.nist.gov/
SCAP - http://scap.nist.gov/
CWE - http://cwe.mitre.org/
OVAL - http://oval.mitre.org/
ITU-T X.1520 Recommendation for CVE -
http://www.itu.int/rec/T-REC-X.1520-201104-P
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* 1 Product from Sangfor Technologies Co., Ltd. Now Registered as Officially
"CVE-Compatible"
* MITRE Hosts CVE/Making Security Measurable Booth at "InfoSec World 2012"
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Tuesday, March 27, 2012
CVE Announce - March 27, 2012 (opt-in newsletter from the CVE Web site)
-------------------------------------------------------
CVE-Announce e-newsletter/March 27, 2012
-------------------------------------------------------
Contents:
1. Feature Story
2. Upcoming Event
3. Hot Topic
4. Also in this Issue
5. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
CVE-Compatible Products and Services Update
Four additional information security products from four organizations have
achieved the final stage of MITRE's formal CVE Compatibility Process and are
now officially "CVE-Compatible." The products are now eligible to use the
CVE-Compatible Product/Service logo, and a completed and reviewed "CVE
Compatibility Requirements Evaluation" questionnaire is posted for each
product as part of the organization's listing on the CVE-Compatible Products
and Services page on the CVE Web site. A total of 123 products to-date have
been recognized as officially compatible.
The following products are now registered as officially "CVE-Compatible":
Cisco Systems, Inc. - Cisco Security IntelliShield Alert Manager Service
Security-Database - Security Database Web site
CXSecurity - World Laboratory of Bugtraq 2
Application Security - DbProtect
Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.
In addition, three organizations have made declarations of CVE Compatibility
for 12 products and services: NGSSecure, a Division of NCC Group UK PLC,
declared that its enterprise class vulnerability management software
product, NGS Auditor, and its standalone vulnerability assessment software
products, NGS OraScan, NGS DominoScan II, NGS SQuirreL for DB2, NGS SQuirreL
for SQL Server, NGS SQuirreL for Oracle, NGS SQuirreL for Informix, NGS
SQuirreL for Sybase ASE, NGS SQuirreL for MySQL, and NGS Typhon III, are
CVE-Compatible; Sangfor Technologies Co., Ltd. declared that its
Next-Generation Application Firewall is CVE-Compatible; and NETpeas, SA
declared that its cloud-based, multi-engines vulnerability management
service, COREvidence, will be CVE-Compatible. A total of 106 organizations
to-date have made Declarations of CVE Compatibility for 174 products and
services.
For additional information about CVE Compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.
LINKS:
Cisco - http://cve.mitre.org/compatible/questionnaires/142.html
Security-Database - http://cve.mitre.org/compatible/questionnaires/84.html
CXSecurity - http://cve.mitre.org/compatible/questionnaires/141.html
Application Security -
http://cve.mitre.org/compatible/questionnaires/140.html
NGSSecure - http://www.ngssecure.com/
Sangfor Technologies - http://www.sangfor.com/
NETpeas - http://www.netpeas.com/
CVE Compatibility Process - http://cve.mitre.org/compatible/process.html
CVE-Compatible Products and Services - http://cve.mitre.org/compatible/
Make a Declaration - http://cve.mitre.org/compatible/make_a_declaration.html
---------------------------------------------------------------
UPCOMING EVENT:
CVE/Making Security Measurable Booth at "Infosec World 2012," April 2-4
MITRE will host a CVE/Making Security Measurable booth at "Infosec World
Conference & Expo 2012" at Disney's Contemporary Resort in Orlando, Florida,
USA, on April 2-4, 2012. Attendees will learn how information security data
standards such as CVE, CCE, CPE, MAEC, CybOX, CWE, CAPEC, CEE, OVAL, etc.,
facilitate both effective security process coordination and the use of
automation to assess, manage, and improve the security posture of enterprise
security information infrastructures.
Members of the CVE Team will be in attendance. Please stop by Booth 513 and
say hello!
LINKS:
Infosec World 2012 -
http://www.misti.com/default.asp?page=65&Return=70&ProductID=5539&LS=infosecworld
Making Security Measurable - http://measurablesecurity.mitre.org
CVE Calendar - http://cve.mitre.org/news/calendar.html
---------------------------------------------------------------
HOT TOPIC:
CVE Mentioned in Article about Updates to Guidelines for Adopting and Using
Security Content Automation Protocol (SCAP) on "GCN"
CVE is mentioned in a January 9, 2012 article entitled "Getting the most out
of automated IT security management" on Government Computer News.com. The
main topic of the article is the National Institute of Standards and
Technology (NIST) updating its guidelines for using Security Content
Automation Protocol (SCAP) "for checking and validating security settings on
IT systems" by releasing "Special Publication 800-117, Guide to Adopting and
Using the Security Content Automation Protocol Version 1.2, Revision 1."
CVE is mentioned when the author explains how SCAP combines several existing
community standards created and maintained by several different
organizations "including MITRE Corp., the National Security Agency, and the
Forum for Incident Response and Security Teams", and that the
"specifications making up SCAP are divided into languages, reporting
formats, enumerations, measurement and scoring systems, and integrity
protection." The author then lists the 11 SCAP components, with CVE included
under Enumerations. The other MITRE initiatives listed are Common Platform
Enumeration (CPE) and Common Configuration Enumeration (CCE), also under
Enumerations, and under Languages, Open Vulnerability and Assessment
Language (OVAL). The article concludes with a summary of the updates to the
guidelines.
LINKS:
GCN article -
http://gcn.com/articles/2012/01/09/nist-scap-automated-security-management.aspx?sc_lang=en
SCAP - http://scap.nist.gov/
CCE - http://cce.mitre.org/
CPE - http://cpe.mitre.org/
OVAL - http://oval.mitre.org/
CVE - http://cve.mitre.org/
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* New CVE Editorial Board Member for National Institute of Standards and
Technology (NIST)
* Photos from CVE/Making Security Measurable Booth at "RSA 2012"
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Monday, January 9, 2012
CVE Announce - January 10, 2012 (opt-in newsletter from the CVE Web site)
-------------------------------------------------------
CVE-Announce e-newsletter/January 10, 2012
-------------------------------------------------------
Contents:
1. Feature Story
2. Hot Topic
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
1 Product from TrustSign Now Registered as Officially "CVE-Compatible"
One additional information security product has achieved the final stage of
MITRE's formal CVE Compatibility Process and is now officially
"CVE-Compatible." The product is now eligible to use the CVE-Compatible
Product/Service logo, and a completed and reviewed "CVE Compatibility
Requirements Evaluation" questionnaire is posted for the product as part of
the organization's listing on the CVE-Compatible Products and Services page
on the CVE Web site. A total of 123 products to-date have been recognized as
officially compatible.
The following product is now registered as officially "CVE-Compatible":
TrustSign - Selos de Seguranca
Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and the
compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.
For additional information about CVE Compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services.
LINKS:
TrustSign - http://cve.mitre.org/compatible/questionnaires/139.html
CVE Compatibility Process - http://cve.mitre.org/compatible/process.html
CVE-Compatible Products and Services - http://cve.mitre.org/compatible/
Make a Declaration - http://cve.mitre.org/compatible/make_a_declaration.html
---------------------------------------------------------------
HOT TOPIC:
MITRE Announces Initial "Making Security Measurable" Calendar of Events for
2012
MITRE has announced its initial Making Security Measurable calendar of
events for 2012. Details regarding MITRE's scheduled participation at these
events are noted on the CVE Calendar page. Each listing includes the event
name with URL, date of the event, location, and a description of our
activity at the event.
"RSA Conference 2012," February 27-March 2, 2012
"InfoSec World Conference & Expo 2012," April 2-4, 2012
"Black Hat Briefings 2012," July 25-26, 2012
"Information Assurance Expo 2012," August 27-30, 2012
"Black Hat Briefings 2012," November 1-2, 2012
Other events may be added throughout the year. Visit the CVE Calendar for
information or contact cve@mitre.org to have MITRE present a briefing or
participate in a panel discussion about CVE, CCE, CPE, CAPEC, CybOX, CWE,
MAEC, CEE, OVAL, Software Assurance, and/or Making Security Measurable at
your event.
LINKS:
Making Security Measurable - http://measurablesecurity.mitre.org
CVE Calendar - http://cve.mitre.org/news/calendar.html
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* CXSecurity Makes Declaration of CVE Compatibility
* Beijing Venustech Security Inc. Makes Declaration of CVE Compatibility
* CVE Mentioned in U.S. Department of Homeland Security's "Blueprint for a
Secure Cyber Future"
* CVE-IDs Now Mapped to DISA's Information Assurance Vulnerability Alerts
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
