Re: Survey: Use of Same Attack/Same Codebase content decision in VDB's

Paul Proctor asked:

> One of the disconnects between the host-based ID and the CVE is that
> vulnerability exploitation is only one aspect of monitoring. We also
> monitor for behavior deviations, trends, and patterns of misuse such as
> abuse of privilege. I've been wondering if the CVE will attempt to address
> these or just stick with known vulnerabilities.

This is outside of the scope of the CVE, except tangentially when "misuse" includes an attempt to exploit or discover a vulnerability. This is a known and expected limitation of the CVE with respect to IDS systems; it only attempts to standardize on one part of the problem.

But there's nothing stopping (someone) from attempting to create a Common Signature Enumeration or somesuch; as you probably know, the CIDF people have actually been developing such a beast, although from my outsider's perspective it doesn't appear like CIDF as a whole is quite ready to use it yet.

- Steve