CVE-related events at SANS-NS '99
All:

Below is my writeup of various events that occurred at last week's SANS rollout. I believe it was highly successful, but it also emphasized how much work we have left to do. Other Board members who attended SANS, please send your own comments to the list so that we can begin to prioritize our next activities.

- Steve

******* CVE at SANS ********

CVE in SANS addresses
---------------------

1) Dr. Jeffrey Hunker, Senior Director for Critical Infrastructure at the White House National Security Council, gave a keynote address that discussed the CVE Initiative as a positive step toward effective collaboration across the community.

2) Steve Northcutt and Alan Paller both described CVE and its use several times during various SANS courses.

CVE Exhibit
-----------

1) Throughout the two-day vendor exhibit, anywhere from 1 to 6 Board members were present at the CVE Booth. Each participant wore their own "company uniform" and a "We Speak CVE" button.

2) "Do you speak CVE?" buttons were made available to the attendees. While we don't know how many were given out, I believe that between 1/10 and 1/5 of all attendees were wearing the button by the end of the second day.

CVE in IDNet
------------

1) New vulnerabilities or exposures which were successfully exploited during IDNet were assigned new CVE candidate numbers. While I am still obtaining the details for some entries, I expect to have 2 or 3 new candidates as a result of IDNet.

2) Two presentations of CVE were given during the Intrusion Detection Demonstration Network (IDNet), a test network which allowed "hackers" to attempt to break into some systems while various vendors' IDSes watched for the intrusions. Thanks go to Chris Pettit (IDNet chair) and Steve Northcutt for providing these time slots.

3) During these times, attacks were conducted that were related to about half of the original 25 Interoperability Demo CVE entries. Thanks go to Eric Cole, Marty Roesch, and Dave Elfering who performed the attacks.

4) At a BoF summarizing IDNet, I gave another discussion of CVE and presented how well the IDSes detected 8 of the CVE-related attacks (the analysis revealed some gaps). These results were also useful to at least some of the participating IDS vendors. This BoF brought up a number of related technical and organizational issues that I will describe in the next email.

Consultations with Interested Parties
-------------------------------------

1) Throughout the SANS conference, Dave Mann and I, and no doubt others, had a few consultations with parties who were interested in participating in CVE (e.g. tool vendors and consulting agencies). The excitement that CVE has generated, and the interests of many organizations in participating, require that we re-evaluate the structure of the Board, membership process, roles and requirements, etc.