Secure Coding mailing list archives
The Next Frontier
From: coley at linus.mitre.org (Steven M. Christey)
Date: Wed, 27 Jun 2007 18:33:46 -0400 (EDT)
SCAP deals with finding known vulnerabilities or configuration problems on live networks, not the results of an ad hoc analysis of a single software package. NIST's SAMATE project might have exchange formats on a to-do list somewhere, but I'm not deeply involved in that project except as it relates to CWE. Certainly, an exchange format would be very useful for collating (or comparing) results from multiple tools, which also might be its greatest barrier to vendor acceptance based on competitive reasons. - Steve
Current thread:
- Interesting tidbit in iDefense Security Advisory 06.26.07 Kenneth Van Wyk (Jun 26)
- Interesting tidbit in iDefense Security Advisory 06.26.07 Steven M. Christey (Jun 26)
- Interesting tidbit in iDefense Security Advisory 06.26.07 Wall, Kevin (Jun 26)
- Interesting tidbit in iDefense Security Advisory 06.26.07 Paco Hope (Jun 26)
- Interesting tidbit in iDefense Security Advisory 06.26.07 Steven M. Christey (Jun 26)
- The Next Frontier McGovern, James F (HTSC, IT) (Jun 26)
- The Next Frontier Paco Hope (Jun 27)
- The Next Frontier ljknews (Jun 27)
- The Next Frontier Steven M. Christey (Jun 27)
- The Next Frontier McGovern, James F (HTSC, IT) (Jun 28)
- Interesting tidbit in iDefense Security Advisory 06.26.07 Paco Hope (Jun 26)
- Interesting tidbit in iDefense Security Advisory 06.26.07 Leichter, Jerry (Jun 27)
- Comparing Software Vendors McGovern, James F (HTSC, IT) (Jun 28)
- <Possible follow-ups>
- Interesting tidbit in iDefense Security Advisory 06.26.07 David A. Wheeler (Jun 28)
- Interesting tidbit in iDefense Security Advisory 06.26.07 J. M. Seitz (Jun 28)
- Interesting tidbit in iDefense Security Advisory 06.26.07 Leichter, Jerry (Jun 28)
- Interesting tidbit in iDefense Security Advisory 06.26.07 David A. Wheeler (Jun 28)
- Interesting tidbit in iDefense Security Advisory 06.26.07 J. M. Seitz (Jun 28)