

Subject: Re: [was] The ID generation issue


Ivan Ristic wrote:

> Jeff Williams wrote:
>
>> I agree with the idea to delete the date from the ID.  I also like 
>> the idea behind the URI approach to ID's.  But I think that the ID 
>> should be separate from the location of the repository where the evdl 
>> entries are stored.
>>    http://repository.com/evdl/thinkingstone/protect/123456
>
>
>   You want to separate the functions of publishers and repositories?
>   That's a good point. I agree.
>
>
>> Your point about different parts of the EVDL having different IDs is 
>> interesting.
>
>
>   Well, I'd really like to see the parts be independent from each
>   other. Otherwise I don't see who will adopt them as standard.
>   Vulnerability scanner people are not interested in metadata or
>   protect. Web application firewall people are not interested in
>   anything but Protect. And so on...

I think in general all "security domain" providers will be interested in 
the generic parts: profile and metadata.
However, we still need to provide a way to reference another instance by 
ID - which we already do in the schema (we need to make sure this sample 
validates, I just posted it):

http://www.evdl.net/latest/examples/example-protect-by-ref-1.xml


Also, to support direct retrieval from a repository, we could add a 
location attribute in the recipe tag, e.g. like this:
    <recipe
        location="http://www.evdl.net/evdldb?id=magnolia-9E9BC8AD2338EBBBF6986C4255409A6D"
        id="magnolia-9E9BC8AD2338EBBBF6986C4255409A6D">


---
<?xml version="1.0" encoding="UTF-8"?>
<evdl xmlns="http://www.oasis.org/evdl-0.1"
      xmlns:xp="http://www.oasis.org/evdl-0.1-protect"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.oasis.org/evdl-0.1 C:\was\112404\evdl-0.1.xsd">
<!-- to do: provide URL to database -->
    <recipe
        location="http://www.evdl.net/evdldb?id=magnolia-9E9BC8AD2338EBBBF6986C4255409A6D"
        id="magnolia-9E9BC8AD2338EBBBF6986C4255409A6D">
        <ruleSet stage="requestHeaders" action="error"  condition="and">
            <rule
                operator="eq"
                args="request.params.username"
                pattern="admin"
            />
            <rule
                operator="ipmatch"
                args="request.remote_addr"
                pattern="192.168.0.9/24"
            />
        </ruleSet>
    </recipe>
</evdl>


>
>   Take me, for example. I am prepared to convert my ModSecurity Rule
>   Database to store EVDL Protect rules. I can probably afford to
>   create Protect entries but I don't have resources to deal with
>   the other parts. For me, the ideal thing would be to reference
>   the existing SecurityFocus or Secunia (or some other) vulnerability
>   entries.
>
>   I would be happy to reference a main EVDL entry somewhere... but
>   it doesn't exist.
>

>
>> Personally, I would like to make sure that all the EVDL parts related 
>> to a single vulnerability can be correlated somehow.
>
>
>   Agreed, but what is a single vulnerability? It would be great if
>   we could fund an EVDL vulnerability database effort but I don't
>   think that's likely to happen. Otherwise if you don't have
>   a single metadata entry then how are you going to find part
>   instances that relate to the same problem?
>
>   The best approach I can think of is to specify a search mechanism
>   and to use various search criteria: vendor, product name, product URL,
>   product version come to mind. External references could be useful
>   too. E.g. "show me all entries related to PHPBB, version 4.0.10".
>
>   It would be the job of the repository to index the entries and
>   to produce search results.
>
>   After considerable consideration I believe the following is the
>   only feasible solution:
>
>   tstone-01234
>
>   for the main entry and:
>
>   tstone-01234-protect
>
>   for other EVDL parts.
>
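
The two ideas in this message, correlating part IDs such as tstone-01234-protect with their main entry and giving a recipe a location attribute, can be checked mechanically by a consumer. The sketch below is an added example, not part of the original message or of any EVDL tooling; the ID grammar, the function names and the second sample recipe are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted input prefer a hardened parser such as defusedxml
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

EVDL_NS = "{http://www.oasis.org/evdl-0.1}"
# Assumed grammar: <publisher>-<number>[-<part>], e.g. tstone-01234-protect
ID_RE = re.compile(r"^([a-z]+)-([0-9][0-9A-Za-z]*)(?:-([a-z]+))?$")

def split_id(evdl_id):
    """Return (main_entry_id, part); part is None for the main entry itself."""
    m = ID_RE.match(evdl_id)
    if not m:
        raise ValueError(f"not a recognised EVDL id: {evdl_id!r}")
    publisher, number, part = m.groups()
    return f"{publisher}-{number}", part

def correlate(ids):
    """Group part instances under the main entry they belong to."""
    groups = defaultdict(list)
    for evdl_id in ids:
        main, part = split_id(evdl_id)
        groups[main].append(part or "main")
    return {main: sorted(parts) for main, parts in groups.items()}

def check_recipe_locations(xml_text):
    """Flag recipes whose location does not point at their own id."""
    problems = []
    for recipe in ET.fromstring(xml_text).iter(EVDL_NS + "recipe"):
        rid, loc = recipe.get("id"), recipe.get("location")
        if loc is None:
            continue  # location is optional in the proposal
        url = urlparse(loc)
        if url.scheme not in ("http", "https"):
            problems.append((rid, "unexpected URL scheme"))
        elif parse_qs(url.query).get("id", []) != [rid]:
            problems.append((rid, "location id does not match recipe id"))
    return problems

# Constructed sample: the first recipe is the one from the message,
# the second is made up and deliberately inconsistent.
SAMPLE = """<evdl xmlns="http://www.oasis.org/evdl-0.1">
  <recipe id="magnolia-9E9BC8AD2338EBBBF6986C4255409A6D"
          location="http://www.evdl.net/evdldb?id=magnolia-9E9BC8AD2338EBBBF6986C4255409A6D"/>
  <recipe id="tstone-01234-protect"
          location="http://www.evdl.net/evdldb?id=tstone-09999-protect"/>
</evdl>"""

if __name__ == "__main__":
    print(correlate(["tstone-01234", "tstone-01234-protect"]))
    print(check_recipe_locations(SAMPLE))
```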



