OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

avdl message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Groups - AVDLschema.xsd uploaded

The document AVDLschema.xsd has been submitted by Srinivas Mantripragada (srinivas@netcontinuum.com) to the Application Vulnerability Description Language TC document repository.

Document Description:
This is in continuation with some of the topics that were discussed in last meeting.

Ref: Original Kevin Heineman mail:

Continued the discussion regarding the information that should be contained within the standard. The following items were discussed:

1) Discussed the possibility of splitting the standard into 4 sections of information.  The sections are version, test description, content type (e.g., request and response), and block schema or fix methodology.  Srinivas Mantripragada will post an example of this format to the AVDL site for
people to review and comment.  Some of the fields that should be included in the content type section are Web Server, OS, Date vulnerability was found, Date ID was entered, Reference to Bug Track, URL pointer to get reference info, WebServer Tag, Host Tag, File extension type, Test
description (not part of the  request type), raw request and raw response.


The top-level suggestion is to have 4 main sections of information containers.

(1) Version
(2) TestDescription
(3) SessionDetails
(4) FixMethodology

(1) Version provides the information state on  the specific vulnerability.
(2) TestDescription provides details on the environment under which this vulnerability applies.
(3) SessionDetails provides specific request-header, response-header and vulnerability information.
(4) FixMethodology contains schemas to provide necessary information to remediary engines, block engines, user fixes etc.


Attached is a preliminary schema. More details in today's meeting.

thx,

-Srinivas


Download Document:  
http://www.oasis-open.org/apps/org/workgroup/avdl/download.php/2778/AVDLschema.xsd

View Document Details:
http://www.oasis-open.org/apps/org/workgroup/avdl/document.php?document_id=2778


PLEASE NOTE:  If the above links do not work for you, your email application
may be breaking the link into two pieces.  You may be able to copy and paste
the entire link address into the address field of your web browser.

-OASIS Open Administration

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]