From: CVE Announce (cvemitre.org)
Date: Mon Aug 21 2006 - 13:50:19 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Welcome to the latest edition of the CVE-Announce e-newsletter. This
email newsletter is designed to bring recent news about CVE, such as new
versions, upcoming conferences, new Web site features, etc. right to
your emailbox. Common Vulnerabilities and Exposures (CVE) is the
standard for information security vulnerability names. CVE content
results from the collaborative efforts of the CVE Editorial Board, which
is comprised of leading representatives from the information security
community. Details on subscribing (and unsubscribing) to the email
newsletter are at the end. Please feel free to pass this newsletter on
to interested colleagues.

Comments: cvemitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/August 21, 2006
-------------------------------------------------------

Contents:

1. Feature Story
2. Upcoming Events
3. Details/Credits + Subscribing and Unsubscribing

FEATURE STORY:

"Common Configuration Enumeration" Added to CVE Web Site

A "Common Configuration Enumeration (CCE)" section has been added to the
GET CVE page on the CVE Web site. CCE is the part of the CVE Initiative
that focuses on security configuration issues and exposures.

CCE provides unique identifiers to system configurations in order to
facilitate fast and accurate correlation of configuration data across
multiple information sources and tools. As an example, CCE Identifiers
could be used to associate checks in configuration assessment tools with
statements in configuration best-practice documents such as the Center
for Internet Security (CIS) benchmark documents.

A very preliminary draft of the CCE List is available now for public
review and comment. This preliminary draft is intended as a
proof-of-concept and focuses on security-related configuration issues
for Windows 2000, Windows XP, and Windows Server 2003. The draft should
not be considered final and will be modified over time. In particular,
the CCE IDs themselves are not final and will likely change
significantly in future versions. Currently, each entry on the list
includes the following: CCE Identifier number, description, logical
parameters, technical mechanisms, and any references. Refer to the CCE
List page for more information.

The new section includes the CCE List; a CCE Status section detailing
the status of the current version; a description of How to Participate
for organizations and individuals interested in contributing; and a Join
the CCE Working Group section for those interested in actively
participating in this new community initiative.

LINKS:

CCE section - http://cve.mitre.org/cce/

-----------------------------------------------------------------Two
Upcoming Events in September

CVE is scheduled to participate in two events in September, the "5th
Annual Cyber Security Executive Summit" and the "IT Security World
Conference & Expo 2006":

* CVE and CWE to present briefing at "5th Annual Cyber Security
   Executive Summit"

CVE is scheduled to present a briefing about CVE and CWE at the "5th
Annual Cyber Security Executive Summit" for the financial services
sector on September 13-14, 2006 at the Metropolitan Pavilion in New York
City, New York, USA. Common Weakness Enumeration (CWE) is a
community-developed formal list of common software weaknesses that is
based in part on CVE's 18,000+ identifiers.

* CVE to Host Booth at "IT Security World Conference & Expo 2006"

CVE is scheduled to co-host an exhibitor booth at "IT Security World
Conference & Expo 2006" September 25th - 26th, 2006 in San Francisco,
California, USA. The conference will expose CVE, CWE, OVAL, and CME to
security professionals from industry, government, and academia charged
with developing and running their organizations' information security
programs. Organizations listed on the CVE-Compatible Products and
Services section at http://cve.mitre.org/compatible/ are also
exhibiting.

Refer to the CVE Calendar page for event urls. Contact cvemitre.org to
have CVE present a briefing or participate in a panel discussion about
CVE, CCE, CWE, OVAL, CME, and/or other vulnerability management topics
at your event.

LINKS:

CVE Calendar - http://cve.mitre.org/news/calendar.html

CCE- http://cce.mitre.org

CWE - http://cwe.mitre.org

OVAL - http://oval.mitre.org

CME - http://cme.mitre.org

---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: Steve Christey, Information Security Technical Center.
Writer: Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE
and provides impartial technical guidance to the CVE Editorial Board on
all matters related to ongoing development of CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email
message and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listservlists.mitre.org.
To subscribe, send an email message to listservlists.mitre.org with the
following text in the BODY of the message: "SUBSCRIBE
CVE-Announce-List".

Copyright 2006, The MITRE Corporation. CVE and the CVE logo are
registered trademarks of The MITRE Corporation.

For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cvemitre.org.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]