再保险:[技术]高级候选人最近SNMP的问题

>从:史蒂文·m·Christey [mailto: coley@LINUS.MITRE.ORG]>我不认为很多人希望看到一个候选人> HTTP GET缓冲区溢出。实际上,客户要求绝对是我们对管理漏洞移动两个,甚至三、层次的抽象。据我所知,这些客户的需求是由不同客户的不同的方式方法修复的问题。对一些人来说,他们想知道的是,他们有一个脆弱的web服务器在这个特定的IP地址,在这种情况下,一个单一的CVE编号为HTTP GET BOs绰绰有余。对另一些人来说,他们想要调整服务器到某种形式的遵从性,所以他们需要更具体的信息(经典CVE名称、交货)。“开放”SMB股票是另一个例子,跳跃。有些客户只是想处理这个问题在相当高的抽象层次。别人想要的平台特定的信息(NT,能正常,Samba……)。也许我们都是拖(毫无疑问,踢和尖叫)反暴力极端主义的语言,让我们更好的讨论在不同的抽象级别。时间恢复“点”的概念符号? [Dave ducks under his keyboard] I suspect this related to "vagueness" issue, btw. > We haven't seen vendors actively advertising how many CVE's they > check yet, but I think that will happen. I'm not sure of this, actually. I sense that the market is evolving away from the old "check-count" wars, even if it is dressed up in new CVE clothing. Increasingly, we are being asked to provide standards based solutions (e.g. HIPPA, SANS Top 10, SANS Top 20, Center for Internet Security, various OS Vendor standards, etc.). In this context, CVE is useful for clarifying the standards and connecting vague policy statements to specific checks. The problem here is that, by necessity, these standards are often written a much higher level of abstraction than that at which CVE currently operates. I should note, btw, that without higher level identifiers, CVE simply will never be useful (to our customers) in some circumstances. For example, RAZOR has cataloged, what?, 80ish vulnerabilities relating to old versions of sendmail. Specific CVE names for these old issues might pump up our check count numbers, but they mean little to nothing to many of our customers. They are interested in only one thing. Is their Sendmail up to date? Here, a single, higher level CVE name for outdated Sendmail would be more useful. Now, on to more pressing issues like, Why has the skiing been so pitiful here in southern New England? cheers, Dave ============================================================== Dave Mann || e-mail: dmann@bos.bindview.com Security Program Manager || phone: 508-485-7737 x254 RAZOR Security Team || cell: 617-943-3507 BindView Corporation || fax: 508-485-0737