Monday, July 30, 2012

CVE Announce - July 31, 2012 (opt-in newsletter from the CVE Web site)

Welcome to the latest issue of the CVE-Announce e-newsletter. This email
newsletter is designed to bring recent news about CVE, such as new versions,
upcoming conferences, new Web site features, etc. right to your email box.
Common Vulnerabilities and Exposures (CVE) is the standard for information
security vulnerability names. CVE content results from the collaborative
efforts of the CVE Editorial Board, which is comprised of leading
representatives from the information security community. Details on
subscribing (and unsubscribing) to the email newsletter are at the end.
Please feel free to pass this newsletter on to interested colleagues.

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/July 31, 2012
-------------------------------------------------------

Contents:

1. Feature Story
2. Upcoming Event
3. Hot Topic
4. Also in this Issue
5. Details/Credits + Subscribing and Unsubscribing


FEATURE STORY:

2 Products from 2 Organizations Now Registered as Officially "CVE-Compatible"

Two additional information security products have achieved the final stage
of MITRE's formal CVE Compatibility Process and are now officially
"CVE-Compatible." The products are now eligible to use the CVE-Compatible
Product/Service logo, and a completed and reviewed "CVE Compatibility
Requirements Evaluation" questionnaire is posted for each product as part of
the organization's listing on the CVE-Compatible Products and Services page
on the CVE Web site. A total of 132 products to date have been recognized as
officially compatible.

The following products are now registered as officially "CVE-Compatible":

* Beijing Venustech Cybervision Co., Ltd. - Venusense Web Application
Gateway (Venusense WAG)

* High-Tech Bridge SA - High-Tech Bridge Security Advisories

Use of the official CVE-Compatible logo will allow system administrators and
other security professionals to look for the logo when adopting
vulnerability management products and services for their enterprises, and
the compatibility process questionnaire will help end-users compare how
different products and services satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.

For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services pages.

LINKS:

Beijing Venustech Cybervision -
http://cve.mitre.org/compatible/questionnaires/147.html

High-Tech Bridge - http://cve.mitre.org/compatible/questionnaires/146.html

CVE Compatibility Process - http://cve.mitre.org/compatible/process.html

CVE-Compatible Products and Services - http://cve.mitre.org/compatible/

Make a Declaration - http://cve.mitre.org/compatible/make_a_declaration.html

---------------------------------------------------------------
UPCOMING EVENT:

MITRE to Host CVE/Making Security Measurable Booth at "2012 Information
Assurance Expo," August 27-30

MITRE will host a CVE/Making Security Measurable booth at "2012 Information
Assurance Expo" on August 27-30, 2012 at Gaylord Opryland Resort and
Convention Center in Nashville, Tennessee, USA. Please visit us at Booth 217
and say hello!

Visit the CVE Calendar for information on this and other events.

LINKS:

2012 Information Assurance Expo - http://www.informationassuranceexpo.com/

Making Security Measurable - http://measurablesecurity.mitre.org

CVE Calendar - http://cve.mitre.org/news/calendar.html

---------------------------------------------------------------
HOT TOPIC:

CVE, CWE, and CWE/SANS Top 25 Mentioned in Article about Supply Chain Risk
Management in "CrossTalk Magazine"

CVE, Common Weakness Enumeration (CWE), and the CWE/SANS Top 25 Most
Dangerous Programming Errors List are mentioned in an article entitled
"Supply Chain Risk Management" in the March/April 2012 issue of "CrossTalk
Magazine: The Journal of Defense Software Engineering."

CVE, CWE, and the CWE/SANS Top 25 are mentioned in phase 2 of a section
entitled "A Three-phase Code Analysis Process": "Look for common
vulnerability patterns ... analysts [should] make sure that code reviews cover
the most common vulnerabilities and weaknesses. Sources for such common
vulnerabilities and weaknesses include the Common Vulnerabilities and
Exposures (CVE) and Common Weaknesses Enumeration (CWE) databases,
maintained by the MITRE Corporation and accessible on the web at:
<http://cve.mitre.org/cve/> and <http://cwe.mitre.org/>. MITRE, in
cooperation with the SANS Institute, also maintains a list of the "Top 25
Most Dangerous Programming Errors [13]" that can lead to serious
vulnerabilities. The top three classes of errors as of December 2010 were
cross-site scripting, SQL injection, and buffer overflows. Static code
analysis tool and manual techniques should at a minimum, address these Top
25." CWE and the CWE/SANS Top 25 are cited again and described in more
detail at the end of the article in a section entitled "Useful Links".

LINKS:

CrossTalk Magazine article -
http://www.crosstalkonline.org/storage/issue-archives/2012/201203/201203-0-Issue.pdf


CWE - http://cwe.mitre.org/

CWE/SANS Top 25 - http://cwe.mitre.org/top25/index.html

CVE - http://cve.mitre.org/

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* Huawei Technologies Co., Ltd. Makes 2 Declarations of CVE Compatibility

* BroadWeb Corporation, Ltd. Makes 2 Declarations of CVE Compatibility

* Briefing Slides from "Security Automation Developer Days 2012" Now
Available

* MITRE Hosts CVE/Making Security Measurable Booth at "Black Hat Briefings
2012"

Read these stories and more news at http://cve.mitre.org/news

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Steve Boyle, Information Security Technical Center. Writer:
Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and
provides impartial technical guidance to the CVE Editorial Board on all
matters related to ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

Copyright 2012, The MITRE Corporation. CVE and the CVE logo are registered
trademarks of The MITRE Corporation.

For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org. Learn more about
Making Security Measurable at http://measurablesecurity.mitre.org.
