jniq.blogspot.com
Jano's Zypper Blog: 12/7/08 - 12/14/08
http://jniq.blogspot.com/2008_12_07_archive.html
Tuesday, December 9, 2008. I filled some missing parts in the Repository Index Service. Specification, mainly regarding client handling the repository index. I would consider it done already, but there are still a few things i would like to see done in the future:. Attribute should be turned into some standard distribution identifier to make it really useful. The CPE. Looks like a good candidate. It might be worth to add the examples from this Duncan's post. Some TODOs for libzypp:.
blog.elevenpaths.com
ElevenPaths Blog: junio 2014
http://blog.elevenpaths.com/2014_06_01_archive.html
Havex no es el nuevo Stuxnet (y la falta de profesionalidad). Lunes, 30 de junio de 2014. Desde que Stuxnet apareció (hace ya cuatro años) parece que se espera un sucesor. Al menos en el campo del espionaje industrial y ámbitos SCADA. Desde entonces, se han descubierto varios "hijos", "primos" y familiares en general, pero ninguno parecía estar a la altura. Havex tampoco, ni mucho menos. De hecho, a pesar de los titulares, no tiene mucho que ver. Energéticas europeas (una buena parte en España). Comprome...
security-database.com
vDNA - Vunerability DNA API - Security Database
http://www.security-database.com/vdna.php
VDNA : Vulnerability DNA API. VDNA : Vulnerability DNA API Documentation. CWE : Common Weakness Enumeration. CAPEC : Common Pattern Enumeration. DPE : Default Password Enumeration. CPE : Common Plateform Enumeration. CVE : Common Vulnerability Enumeration. CAPEC : Common Pattern Enumeration. CWE : Common Weakness Enumeration. OVAL : Open Vulnerability and Assessment Language. VDNA - Vunerability DNA API. VDNA provides thoses defaults informations for a given Alert :. Common Vulnerability Enumeration : CVE.
altex-soft.com
ALTEX-SOFT
http://www.altex-soft.com/scap.htm
Security Content Automation Protocol (. Includes a number of open standards, supported by the international community of professionals in the field of information security. The latest version (version 1.2) SCAP consists of eleven components of the Protocol in five categories:. Languages SCAP will normalize dictionaries and expressions describing the security policy, mechanisms of monitoring and evaluation results. SCAP includes the following components:. OVAL , Open vulnerability and assessment language.
msm.mitre.org
Making Security Measurable- Malware Protection
http://msm.mitre.org/directory/areas/malwareprotection.html
A Collection of Information Security Community Standardization Activities and Initiatives. MSM Directory of Efforts. Attackers, ranging from script kiddies to hacktivists to criminals to nations states, use malware to gain access to an organization’s network infrastructure. Once inside the network, these attackers may try to deface systems, gather personal and proprietary information, or deny legitimate users access to resources. Or Open Indicators of Compromise (OpenIOC). Or common weaknesses (CWE).
benchmarkdevelopment.mitre.org
Benchmark Development: Standards and Tools
http://benchmarkdevelopment.mitre.org/standards_tools/stnds-tools.html
Resources for creating standards-based, structured, and automatable security guidance. IMPORTANT: This website is being maintained as an archive for the community. It is no longer being updated. How to Write a Good Benchmark. Example of a Good Benchmark. MITRE has developed extensive experience and expertise working with information security standards and security content management tools to create and manage security guidance. These are listed on the Recommended Standards. Mdash; an open standard that c...
benchmarkdevelopment.mitre.org
Benchmark Development: All Resources
http://benchmarkdevelopment.mitre.org/standards_tools/resources.html
Resources for creating standards-based, structured, and automatable security guidance. IMPORTANT: This website is being maintained as an archive for the community. It is no longer being updated. How to Write a Good Benchmark. Example of a Good Benchmark. Extensible Configuration Checklist Description Format (XCCDF). Open Checklist Interactive Language (OCIL). Open Vulnerability and Assessment Language (OVAL). Enumerations Referenced by Benchmarks. Common Configuration Enumeration (CCE™). DISA Security Te...
benchmarkdevelopment.mitre.org
Benchmark Development: How to Write a Good Benchmark
http://benchmarkdevelopment.mitre.org/about/write.html
Resources for creating standards-based, structured, and automatable security guidance. IMPORTANT: This website is being maintained as an archive for the community. It is no longer being updated. How to Write a Good Benchmark. Example of a Good Benchmark. How to Write a Good Benchmark. 5 tips for writing benchmarks that are clear, concise, and unambiguous. The recommendation should be a directive using imperative voice. Do not use the words restrict or limit to ensure clarity. Use and/or reference industr...
oval.mitre.org
OVAL - OVAL Use Cases Guide
http://oval.mitre.org/adoption/usecasesguide.html
NEWS July 9, 2015. Open Vulnerability and Assessment Language. A Community-Developed Language for Determining Vulnerability and Configuration Issues on Computer Systems. Has transitioned to the Center for Internet Security (CIS). The MITRE OVAL website is in "Archive" status. Please visit the CIS OVAL website. To stay current with OVAL. The OVAL Adoption Program was established to:. Enable interoperability among security products. OVAL enables interoperability between security products by allowing them...