Re: Survey: Use of Same Attack/Same Codebase content decision in VDB's
Paul Proctor asked:
> One of the disconnects between the host-based ID and the CVE is that
> vulnerability exploitation is only one aspect of monitoring. We also
> monitor for behavior deviations, trends, and patterns of misuse such as
> abuse of privilege. I've been wondering if the CVE will attempt to address
> these or just stick with known vulnerabilities.
This is outside of the scope of the CVE, except tangentially when
"misuse" includes an attempt to exploit or discover a vulnerability.
This is a known and expected limitation of the CVE with respect to IDS
systems; it only attempts to standardize on one part of the problem.
But there's nothing stopping (someone) from attempting to create a
Common Signature Enumeration or somesuch; as you probably know, the
CIDF people have actually been developing such a beast, although
from my outsider's perspective it doesn't appear like CIDF as a whole
is quite ready to use it yet.