
Re: Survey: Use of Same Attack/Same Codebase content decision in VDB's




Paul Proctor asked:

> One of the disconnects between the host-based ID and the CVE is that
> vulnerability exploitation is only one aspect of monitoring.  We also
> monitor for behavior deviations, trends, and patterns of misuse such as
> abuse of privilege.  I've been wondering if the CVE will attempt to address
> these or just stick with known vulnerabilities.

This is outside of the scope of the CVE, except tangentially when
"misuse" includes an attempt to exploit or discover a vulnerability.

This is a known and expected limitation of the CVE with respect to IDS
systems; it only attempts to standardize on one part of the problem.
But there's nothing stopping (someone) from attempting to create a
Common Signature Enumeration or somesuch; as you probably know, the
CIDF people have actually been developing such a beast, although
from my outsider's perspective it doesn't appear like CIDF as a whole
is quite ready to use it yet.

- Steve

Page Last Updated or Reviewed: May 22, 2007