February 18, 2006


Category: Log Analysis — Raffael Marty @ 12:27 pm

A horrible acronym. I know. We had a working session during the RSA conference to talk about XCCDF-P. For those not familiar with XCCDF, it has to do with policy definitions and uses OVAL to implement the checks.

XCCDF-P (which will hopefully get renamed pretty soon to something else, and hopefully not to CPN (Common Platform Names) [We already have CVE, CME, and CCE]) is an effort to standardize platform names. What’s the problem? Well, if I have two scanners analyzing a system of mine, one of them might report that I am running a “Windows 2000”, the other one might say “Win2K”. This is really the same, but how would a machine know? That’s where the standard is trying to clean things up. You wouldn’t belive how much discussion this topic actually involves. We met for about an hour and had plenty of things to discuss, not even closely getting to an agreed-upon solution. However, the problem is defined and we all agreed upon the the necessity to solve the problem! Stay put for an update soon and hopefully a quick turn around with a solution draft.

No Comments »

No comments yet.

RSS feed for comments on this post. | TrackBack URI

Leave a comment

XHTML ( You can use these tags): <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> .