Firewall Wizards mailing list archives

RE: The Common Vulnerabilities and Exposures taxonomy


From: "Doty, Ted (ISSAtlanta)" <TDoty () iss net>
Date: Wed, 20 Oct 1999 08:31:27 -0400

On Wednesday, October 20, 1999 1:08 AM, Marcus J. Ranum <mjr () nfr net> wrote:

I think it may be a good start. Honestly, I probably won't have
my team invest effort in re-writing our alert outputs to use CVE
(because we'd have to add over 500 alert points to the CVE database
to do so) unless there's a huge demand for it. I suspect other
vendors will also take a "wait and see" approach. For now, it's
too basic, I feel. Obviously, we can't all agree on the significance
of a CVE-1999-0303 (oops, excuse me, a BNU uucpd buffer overrun)
to any given network - and the current messages are not reliably
tagged to O/S rev, host software rev, affected files, hardware
architecture, and configuration information. That'd be useful.

I agree with Marcus that this is a good start, but I don't see this
replacing our existing database soon.  Not only does CVE lack some info that
we think is pretty important (OS info, etc.), but the CVE lacks a structure
that would help a user browse the list of checks.  We've seen that people
like to do interesting types of sorts on the information (show me all the
FTP checks, or the high risk FTP checks, or the high risk FTP checks that
might affect Solaris), but a grouping like this is (for now, at least)
outside the scope of the CVE.

That said, I think it's a pretty decent win to have a common tag name that
everyone can use to reference a particular issue.  Certainly *searchability*
in products will be a huge win - this is actually not too hard (we're adding
it to Internet Scanner).  It's really unclear how much more than
searchability people will want, tho.

- Ted

-----------------------------------------------------------------------
Ted Doty, Internet Security Systems          | Phone: +1 678 443-6000
6600 Peachtree Dunwoody Road, 300 Embassy Row  | Fax:   +1 678 443-6479
Atlanta, GA 30328  USA                       | Web: http://www.iss.net
-----------------------------------------------------------------------
PGP key fingerprint: 362A EAC7 9E08 1689  FD0F E625 D525 E1BE


