
Re: CNA Rules Announcement



On Sun, 9 Oct 2016, Scott Lawler wrote:

: This level of abstraction is ? ? abstract. How do we determine
: to what level it should be abstracted?
:
: This is a slippery slope to start down.
:
: I agree that some level of abstraction is good. I think we need to
: carefully define, as a community, what level of abstraction is
: appropriate.
:
: Honestly, I don't know how to do that. I hate to say case-by-case,
: but?
:
: How do we quantify and define the right level of abstraction?

I think the best way to start is to find ~10 vulns from the past that fit the bill. "Protocol" vulns that were NOT due to a flaw in the design specs, rather the implementation (where almost every vendor got it wrong), and see how it worked out. While many may immediately say "we don't need 100 IDs for that, it's confusing!" I disagree to a certain point. When it comes to per-vendor fixes where you are applying 20 different patches, upgrades, or workarounds in your organization "for the same vulnerability", that is confusing. That one ID is no longer talking about the same vulnerability in the full scope of it (flaw, impact, and remediation).

So examining some of the past ones that were abstracted, and some that were not... then look at how security vendors handled it. Did they create different rules for IDS/IPS? Did vuln scanners create different IDs/plugins? That would also be a good one to get community feedback on.

Brian

Page last updated or reviewed: October 10, 2016