MITRE Presents Making Security Measurable White Paper at "MILCOM 2008"

MITRE Principal Engineer and CVE Adoption Lead Robert A. Martin presented a white paper entitled "Making Security Measurable and Manageable" at "MILCOM 2008" on November 19, 2008 in San Diego, California, USA.

The paper introduces MITRE's Making Security Measurable effort by explaining in detail how information security data standards such as CVE, CCE, OVAL, CPE, CAPEC, CWE, and others facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures. The paper is available for download on the Making Security Measurable Web site.

LINKS:

"Making Security Measurable and Manageable" White Paper - http://msm.mitre.org/about/Making_Security_Measurable_and_Manageable.pdf

Making Security Measurable - http://measurablesecurity.mitre.org

MILCOM 2008 - http://www.milcom.org


CVE Calendar - http://cve.mitre.org/news/calendar.html

CVE Mentioned in MITRE News Release about Recommendation Tracker

CVE was mentioned in a December 1, 2008 MITRE news release entitled "MITRE Releases New Security Software" about its new, open source "Recommendation Tracker" software that "facilitates development of automated security benchmarks." "System administrators use benchmarks -- essentially a set of recommendations -- to securely configure an operating system or software application and then set up automatic testing to ensure proper configuration."

CVE is mentioned when the release notes that Recommendation Tracker is "the latest tool developed by MITRE in the last 10 years to help the security community produce automated, standardized benchmarks" and that four MITRE-run information security data standards -- CVE, CCE, CPE, and OVAL -- are among the six existing standards in the U.S. National Institute of Standards and Technology's (NIST) Security Content Automation Protocol (SCAP) to enable automated vulnerability management, measurement, and policy compliance evaluation.

The release also mentions MITRE's free one-day Benchmark Development Course that instructs attendees how to use MITRE's CCE, OVAL, Recommendation Tracker, and Benchmark Editor, as well as other information assurance standards and tools, to help vendors and security content developers produce good benchmarks more efficiently.

LINKS:

MITRE news release - http://www.mitre.org/news/releases/08/tracker_12_01_2008.html

Recommendation Tracker software - http://sourceforge.net/projects/rectracker/

Security Content Automation Protocol (SCAP) - http://nvd.nist.gov/scap.cfm

Benchmark Development Course - http://www.mitre.org/register2/benchmark/

Read these stories and more news at http://cve.mitre.org/news