[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Survey: Use of Same Attack/Same Codebase content decision in VDB's

Paul Proctor asked:

> One of the disconnects between the host-based ID and the CVE is that
> vulnerability exploitation is only one aspect of monitoring.  We also
> monitor for behavior deviations, trends, and patterns of misuse such as
> abuse of privilege.  I've been wondering if the CVE will attempt to address
> these or just stick with known vulnerabilities.

This is outside of the scope of the CVE, except tangentially when
"misuse" includes an attempt to exploit or discover a vulnerability.

This is a known and expected limitation of the CVE with respect to IDS
systems; it only attempts to standardize on one part of the problem.
But there's nothing stopping (someone) from attempting to create a
Common Signature Enumeration or somesuch; as you probably know, the
CIDF people have actually have been developing such a beast, although
from my outsider's perspective it doesn't appear like CIDF as a whole
is quite ready to use it yet.

- Steve

Page Last Updated or Reviewed: May 22, 2007