CVE-Announce e-newsletter/March 31, 2006 (opt-in newsletter from the CVE Web site)

From: CVE Announce List (cve@mitre.org)
Date: Fri Mar 31 2006 - 14:49:16 CST


Welcome to the latest edition of the CVE-Announce e-newsletter. This
email newsletter is designed to bring recent news about CVE, such as new
versions, upcoming conferences, new Web site features, etc. right to
your emailbox. Common Vulnerabilities and Exposures (CVE) is the
standard for information security vulnerability names. CVE content
results from the collaborative efforts of the CVE Editorial Board, which
is comprised of leading representatives from the information security
community. Details on subscribing (and unsubscribing) to the email
newsletter are at the end. Please feel free to pass this newsletter on
to interested colleagues.

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/March 31, 2006
-------------------------------------------------------

Contents:

1. Feature Story
2. Upcoming Event
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing

FEATURE STORY:

"Common Weakness Enumeration" Added to CVE Web Site

A new effort leveraging CVE entitled the "Common Weakness Enumeration
(CWE)" has been added to the GET CVE page on the CVE Web site.

CWE is a community-developed formal list of common software weaknesses,
idiosyncrasies, faults, and flaws. The intention of CWE is to serve as a
common language for describing software security vulnerabilities, a
standard measuring stick for software security tools targeting these
vulnerabilities, and as a baseline standard for vulnerability
identification, mitigation, and prevention efforts. Leveraging the
diverse thinking on this topic from academia, the commercial sector, and
government, CWE unites the most valuable breadth and depth of content
and structure to serve as a unified standard. Our objective is to help
shape and mature the code security assessment industry and also
dramatically accelerate the use and utility of software assurance
capabilities for organizations in reviewing the software systems they
acquire or develop.

Based in part on the CVE List's 15,000 plus CVE names - but also including
detail and scope from a diverse set of other industry and academic
sources and examples including the McGraw/Fortify "Kingdoms" taxonomy;
Howard, LeBlanc & Viega's "19 Deadly Sins"; and Secure Software's CLASP
project; among others - CWE's definitions and descriptions support the
finding of common types of software security flaws in code prior to
fielding. This means both users and developers now have a mechanism for
ensuring that the software products they acquire and develop are free of
known types of security flaws by describing their code and assessment
capabilities in terms of their coverage of the different CWEs.

The new section includes the CWE List, offered in a detailed Taxonomy
view and a high-level Dictionary view; an About section describing the
overall CWE effort and process in more detail; a Compatibility page; a
Community Participation page; and a list of Sources.

LINKS:

Common Weakness Enumeration (CWE) section -
http://cve.mitre.org/cwe/index.html

Get CVE page - http://cve.mitre.org/cve/

---------------------------------------------------------------
UPCOMING EVENT:

CVE to Host Booth at MISTI's "InfoSec World 2006"

MITRE is scheduled to host a CVE/OVAL/CME exhibitor booth at MISTI's
"InfoSecWorld 2006 Conference & Expo" on April 3rd - 4th at the Coronado
Springs Resort in Orlando, Florida, USA.

The conference will expose CVE, OVAL, and CME to a diverse audience of
attendees from the banking, finance, real estate, insurance, and health
care industries, among others. The conference is targeted to information
security policy and decision makers from these and other industries, as
well as directors and managers of information security, CIOs, network
and systems security administrators, IT auditors, systems planners and
analysts, systems administrators, software and application developers,
engineers, systems integrators, strategic planners, and other
information security professionals.

Please stop by Booth 436 and say hello. In addition, organizations
listed in the CVE-Compatible Products and Services section at
http://cve.mitre.org/compatible/ will also be exhibiting.

LINKS:

"InfoSecWorld 2006" -
http://www.misti.com/default.asp?Page=65&Return=70&ProductID=4983

CVE Calendar - http://cve.mitre.org/news/calendar.html

---------------------------------------------------------------
ALSO IN THIS ISSUE:

* 504 CVE Names with Candidate Status Added to CVE List in February

* CVE Presents Briefing at MISTI's "FISMA Risk Management & Compliance
   Training Symposium" on March 14th

Read these stories and more news at http://cve.mitre.org/news

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Steve Christey, Information Security Technical Center.
Writer: Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE
and provides impartial technical guidance to the CVE Editorial Board on
all matters related to ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email
message and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org.
To subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE
CVE-Announce-List".

Copyright 2006, The MITRE Corporation. CVE and the CVE logo are
registered trademarks of The MITRE Corporation.

For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org.