RE: The Common Vulnerabilities and Exposures taxonomy

From: Doty, Ted (ISSAtlanta) (TDotyat_private)
Date: Wed Oct 20 1999 - 05:31:27 PDT


    On Wednesday, October 20, 1999 1:08 AM, Marcus J. Ranum <mjrat_private> wrote:
    
    > I think it may be a good start. Honestly, I probably won't have
    > my team invest effort in re-writing our alert outputs to use CVE
    > (because we'd have to add over 500 alert points to the CVE database
    > to do so) unless there's a huge demand for it. I suspect other
    > vendors will also take a "wait and see" approach. For now, it's
    > too basic, I feel. Obviously, we can't all agree on the significance
    > of a CVE-1999-0303 (oops, excuse me, a BNU uucpd buffer overrun)
    > to any given network - and the current messages are not reliably
    > tagged to O/S rev, host software rev, affected files, hardware
    > architecture, and configuration information. That'd be useful.
    
    I agree with Marcus that this is a good start, but I don't see this
    replacing our existing database soon.  Not only does CVE lack some info that
    we think is pretty important (OS info, etc), but the CVE lacks a structure
    that would help a user browse the list of checks.  We've seen that people
    like to do interesting types of sorts on the information (show me all the
    FTP checks, or the high risk FTP checks, or the high risk FTP checks that
    might affect Solaris), but a grouping like this is (for now, at least)
    outside the scope of the CVE.
    
    That said, I think it's a pretty decent win to have a common tag name that
    everyone can use to reference a particular issue.  Certainly *searchability*
    in products will be a huge win - this is actually not too hard (we're adding
    it to Internet Scanner).  It's really unclear how much more than
    searchability people will want, tho.
    
    - Ted
    
    -----------------------------------------------------------------------
    Ted Doty, Internet Security Systems 	     | Phone: +1 678 443-6000
    6600 Peachtree Dunwoody Road, 300 Embassy Row  | Fax:   +1 678 443-6479
    Atlanta, GA 30328  USA              	     | Web: http://www.iss.net
    -----------------------------------------------------------------------
    PGP key fingerprint: 362A EAC7 9E08 1689  FD0F E625 D525 E1BE
    


