|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
CVE-Announce e-newsletter/November 29, 2004 (Opt-in newsletter from the CVE Web site)
cve
mitre.org
Date: Mon Nov 29 2004 - 16:13:34 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Welcome to the latest edition of the CVE-Announce e-newsletter. This
email newsletter is designed to bring recent news about CVE, such as
new versions, upcoming conferences, new Web site features, etc. right
to your emailbox. Common Vulnerabilities and Exposures (CVE) is a list
or dictionary that provides common names for publicly known
information security vulnerabilities and exposures. CVE content
results from the collaborative efforts of the CVE Editorial Board,
which is comprised of leading representatives from the information
security community. Details on subscribing (and unsubscribing) to the
email newsletter are at the end.
Comments: cvemitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/November 29, 2004
-------------------------------------------------------
Contents:
1. Feature Story
2. Hot Topic
3. Latest Compatible Products/Services
4. Also in this Issue
5. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
MITRE Presents CVE Compatibility Certificates in Awards Ceremony at
"CSI Computer Security Conference"
MITRE held an awards ceremony on Monday evening, November 18th at
Computer Security Institute's (CSI) "31st Annual Computer Security
Conference and Exhibition" in Washington, D.C., USA, to present
"Certificates of CVE Compatibility" to the 10 most recent
organizations to achieve the final phase of MITRE's formal CVE
Compatibility Process and whose 20 information security products or
services are now officially "CVE-compatible." The awards were
presented by Lawrence C. Hale, Deputy Director of the National Cyber
Security Division, U.S. Computer Emergency Readiness Team (US-CERT) at
the U.S. Department of Homeland Security.
Organizations participating in the ceremony included Citadel Security
Software Inc.; eEye Digital Security; Internet Security Systems, Inc.;
nCircle Network Security, Inc.; PredatorWatch, Inc.; SAINT
Corporation; and Symantec Corporation. Organizations receiving
certificates but unable to participate in the ceremony were DragonSoft
Security Associates, Inc.; Trend Micro, Inc.; and Venus Information
Technology, Inc.
For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services pages.
LINKS:
CVE Compatibility Process - http://cve.mitre.org/compatible/process.html
CVE-Compatible Products and Services - http://cve.mitre.org/compatible/
US-CERT - http://www.us-cert.gov/
-------------------------------------------------------------
HOT TOPIC #1:
Three Example Procurement Documents Added to CVE Web Site
Three example procurement documents have been added to the CVE
Documents page to assist government agencies and other organizations
with including CVE in the development of their request for proposals,
statements of work, and other procurement requirements for the
purchase of software applications as well for the acquisition of
specific network and system assessment and remediation tools.
The following three example documents are available in Microsoft Word format:
* "CVE-Relevant Software Supplier Requirements (SWSupplier)": This
document is an extract of the statement of objectives used by the
Department of Defense to explain the security-relevant requirements
they wanted met by software suppliers. Several areas of security
issues are addressed as well as the use of CVE names for
vulnerabilities in security notifications.
* "CVE-Relevant Vulnerability Assessment Tool Requirements
(IAVMtool)": This document is an extract of the statement of work used
by the Department of Defense to explain the security-relevant
requirements they wanted met by an enterprise-wide vulnerability
assessment and reporting tool. Several areas of security issues are
addressed as well as the use of CVE names for vulnerabilities being
reported.
* "CVE-Relevant Remediation Tool Requirements (IAremedtool)": This
document is an extract of the statement of work used by the Department
of Defense to explain the security-relevant requirements they wanted
met by an enterprise-wide remediation tool. Several areas of security
issues are addressed as well as the use of CVE names for choosing
which vulnerabilities are remediated and reporting remediation status.
Visit the CVE Documents page to review the documents or contact
cvemitre.org with any questions or for more information.
LINK:
CVE Documents page - http://cve.mitre.org/docs/#procurement
-------------------------------------------------------------
LATEST COMPATIBLE PRODUCTS/SERVICES:
* DragonSoft Security Associates, Inc. declared that its DragonSoft
Vulnerability Database is CVE-compatible.
Find more information on these and other products at
http://cve.mitre.org/compatible/
-------------------------------------------------------------
ALSO IN THIS ISSUE:
* Citadel Security Software Inc. Issues Press Release Announcing
Receipt of "Certificate of Compatibility for Full CVE Compliance"
* DragonSoft Security Associates, Inc. Issues Press Release Announcing
Recognition for CVE Compatibility
* eEye Digital Security Issues Press Release Announcing Receipt of
Certificate of CVE Compatibility
* nCircle Network Security, Inc. Issues Press Release Announcing
Receipt of Certificate of CVE Compatibility
* SAINT Corporation Issues Press Release Announcing Receipt of
"Certificate of CVE Compatibility" for SAINTbox and WebSAINT
* CVE Presents Briefing at New England Information Security Group
Meeting
* MITRE Hosts CVE/OVAL Booth at "LISA 2004"
* MITRE Hosts CVE/OVAL Booth at "CSI Computer Security Conference"
Read these stories and more news at http://cve.mitre.org/news
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Steve Christey, Information Security Technical
Center. Writer: Bob Roberge, Corporate Communications. The MITRE
Corporation (www.mitre.org) maintains CVE and provides impartial
technical guidance to the CVE Editorial Board on all matters related
to ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email
message and copy the following text to the BODY of the message
"SIGNOFF CVE-Announce-list", then send the message to:
listservlists.mitre.org. To subscribe, send an email message to
listservlists.mitre.org with the following text in the BODY of the
message: "SUBSCRIBE CVE-Announce-List".
Copyright 2004, The MITRE Corporation. CVE and the CVE logo are
registered trademarks of The MITRE Corporation.
For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cvemitre.org.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]