Penetration Testing mailing list archives

Re: computer/vulnerability database


From: "Matthew Zimmerman" <mzimmerman () gmail com>
Date: Fri, 9 Jan 2009 13:45:54 -0500

Jerry, I'm not sure if this is what you're looking for (as I didn't
really grasp your question) but OpenFISMA may apply.  It's targeted at
a US Govt Federal audience but its concepts may be very applicable
for you regardless.  OpenFISMA is what an organization would use to
keep track of their vulnerabilities and how they're addressing the
issues AFTER they have already been identified.

http://www.openfisma.org/

Matt Z

On Fri, Jan 9, 2009 at 8:01 AM, Shenk, Jerry A
<jshenk () decommunications com> wrote:
Does anybody have any thoughts about a database for an audit to contain
current vulnerability issues and subsequent updates?

I imagine that it should have at least two tables - one table for
computers and another table for vulnerabilities.  Obviously, each
computer can have multiple vulnerabilities and it would be nice to be
able to generate a report for each vulnerability.  I also think it would
be good to have the ability to note when vulnerabilities are resolved as
an additional note.








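The layout described in the quoted question (computers, vulnerabilities, many vulnerabilities per computer, a report per vulnerability, a note when one is resolved) needs a third linking table to carry the per-host status. The sketch below, in Python with SQLite, is an added example and not part of either post; all table, column and host names and the sample rows are constructed assumptions.

```python
import sqlite3

SCHEMA = """
CREATE TABLE computers (id INTEGER PRIMARY KEY, hostname TEXT NOT NULL UNIQUE);
CREATE TABLE vulnerabilities (
    id INTEGER PRIMARY KEY,
    title TEXT NOT NULL UNIQUE,
    severity TEXT NOT NULL CHECK (severity IN ('low','medium','high'))
);
-- One row per (computer, vulnerability) pair: the many-to-many link.
CREATE TABLE findings (
    computer_id INTEGER NOT NULL REFERENCES computers(id),
    vulnerability_id INTEGER NOT NULL REFERENCES vulnerabilities(id),
    found_on TEXT NOT NULL,
    resolved_on TEXT,            -- NULL while the finding is still open
    resolution_note TEXT,
    PRIMARY KEY (computer_id, vulnerability_id)
);
"""

def build_db():
    """In-memory database loaded with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO computers VALUES (?, ?)", [(1, "web01"), (2, "db01")])
    db.executemany("INSERT INTO vulnerabilities VALUES (?, ?, ?)",
                   [(1, "Missing OS patches", "high"), (2, "Default SNMP community", "medium")])
    db.executemany("INSERT INTO findings VALUES (?, ?, ?, NULL, NULL)",
                   [(1, 1, "2009-01-05"), (2, 1, "2009-01-05"), (1, 2, "2009-01-05")])
    return db

def resolve(db, hostname, title, when, note):
    """Mark one open finding resolved; returns the number of rows updated."""
    cur = db.execute("""UPDATE findings SET resolved_on = ?, resolution_note = ?
        WHERE resolved_on IS NULL
          AND computer_id = (SELECT id FROM computers WHERE hostname = ?)
          AND vulnerability_id = (SELECT id FROM vulnerabilities WHERE title = ?)""",
        (when, note, hostname, title))
    return cur.rowcount

def report(db, title):
    """Per-vulnerability report: every affected host with its status."""
    return db.execute("""SELECT c.hostname, f.found_on, f.resolved_on, f.resolution_note
        FROM findings f
        JOIN computers c ON c.id = f.computer_id
        JOIN vulnerabilities v ON v.id = f.vulnerability_id
        WHERE v.title = ? ORDER BY c.hostname""", (title,)).fetchall()
```

Keeping resolved findings as rows with a date and note, rather than deleting them, preserves the audit history that later updates are compared against.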