Subject: Re: [was] The ID generation issue
Ivan Ristic wrote:
> Jeff Williams wrote:
>
>> I agree with the idea to delete the date from the ID. I also like
>> the idea behind the URI approach to ID's. But I think that the ID
>> should be separate from the location of the repository where the evdl
>> entries are stored.
>> http://repository.com/evdl/thinkingstone/protect/123456
>
>
> You want to separate the functions of publishers and repositories?
> That's a good point. I agree.
>
>
>> Your point about different parts of the EVDL having different IDs is
>> interesting.
>
>
> Well, I'd really like to see the parts be independent from each
> other. Otherwise I don't see who will adopt them as standard.
> Vulnerability scanner people are not interested in metadata or
> protect. Web application firewall people are not interested in
> anything but Protect. And so on...

I think in general all "security domain" providers will be interested
in the generic parts: profile and metadata. However, we still need to
provide a way to reference another instance by ID - which we already do
in the schema (we need to make sure this sample validates, I just
posted it):

http://www.evdl.net/latest/examples/example-protect-by-ref-1.xml

Also, to support direct retrieval from a repository, we could add a
location attribute in the recipe tag, e.g. like this:

<recipe location="http://www.evdl.net/evdldb?id=magnolia-9E9BC8AD2338EBBBF6986C4255409A6D" id="magnolia-9E9BC8AD2338EBBBF6986C4255409A6D">

---

<?xml version="1.0" encoding="UTF-8"?>
<evdl xmlns="http://www.oasis.org/evdl-0.1"
      xmlns:xp="http://www.oasis.org/evdl-0.1-protect"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.oasis.org/evdl-0.1 C:\was\112404\evdl-0.1.xsd">
  <!-- to do: provide URL to database -->
  <recipe location="http://www.evdl.net/evdldb?id=magnolia-9E9BC8AD2338EBBBF6986C4255409A6D"
          id="magnolia-9E9BC8AD2338EBBBF6986C4255409A6D">
    <ruleSet stage="requestHeaders" action="error" condition="and">
      <rule operator="eq" args="request.params.username" pattern="admin" />
      <rule operator="ipmatch" args="request.remote_addr" pattern="192.168.0.9/24" />
    </ruleSet>
  </recipe>
</evdl>

>
> Take me, for example. I am prepared to convert my ModSecurity Rule
> Database to store EVDL Protect rules. I can probably afford to
> create Protect entries but I don't have resources to deal with
> the other parts. For me, the ideal thing would be to reference
> the existing SecurityFocus or Secunia (or some other) vulnerability
> entries.
>
> I would be happy to reference a main EVDL entry somewhere... but
> it doesn't exist.
>
>
>> Personally, I would like to make sure that all the EVDL parts related
>> to a single vulnerability can be correlated somehow.
>
>
> Agreed, but what is a single vulnerability? It would be great if
> we could fund an EVDL vulnerability database effort but I don't
> think that's likely to happen. Otherwise if you don't have
> a single metadata entry then how are you going to find part
> instances that relate to the same problem?
>
> The best approach I can think of is to specify a search mechanism
> and to use various search criteria: vendor, product name, product URL,
> product version come to mind. External references could be useful
> too. E.g. "show me all entries related to PHPBB, version 4.0.10".
>
> It would be the job of the repository to index the entries and
> to produce search results.
>
> After considerable consideration I believe the following is the
> only feasible solution:
>
> tstone-01234
>
> for the main entry and:
>
> tstone-01234-protect
>
> for other EVDL parts.
>