OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

csaf message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: [OASIS Issue Tracker] (CSAF-6) Analysis of "EISPP Common Advisory Format" and any possible relation to CSAF work products


     [ https://issues.oasis-open.org/browse/CSAF-6?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stefan Hagen updated CSAF-6:
----------------------------

    Description: 
This issue (task) is one of many similar formal issues formalizing the TCs process to analyse similar work.
It deals with the analysis of the "EISPP Common Advisory Format" (cf. http://www.cert-ist.com/eispp/documents.htm#common_format ),
which has been named explicitedly as similar work in section (2)(a) "Identification of Similar Work" 
of the "OASIS Common Security Advisory Framework (CSAF) Technical Committee Charter" (cf. http://www.oasis-open.org/committees/csaf/charter.php ).

This issue allows us to track and document progress and findings of the CSAF TC of the following:

1. understand and summarize EISPP
2. ensure synergy potentials are identified
3. discussion of the relation to and reaction on EISPP
4. documentation of result

When checked at 2016-11-24 the (HTML format) document tree root referenced existed at the URL http://www.cert-ist.com/eispp/documents.htm#common_format and some bibliographic data identified was:

URL = http://www.cert-ist.com/eispp/documents.htm#common_format
Authors/Editors = N.N. (?)
AuthorInstitution = N.N. / IST / EISPP Consortium (?)
DocumentDate = 2004-05-20

DocumentTitle = VULDEF: The VULnerability Data publication and Exchange Format data model
DocumentStatus == 
"""
  This document describes a corner stone of the EISPP approach towards supplying 
  SMEs with security advisories: a common advisory format, which will enable an easy 
  exchange of advisory data between the four CERTs participating in EISPP. 
  The advisory format merges the best-practice information regarding security 
  advisories of these four CERTs.
"""
DocumentCopyright = "©EISPP Consortium" (!)


Abstract == 
""" (content taken from Executive Summary of LinkedData::Instance[1])
The European Information Security Promotion Programme (EISPP) strives 
to set up a network of expertise with the aim of providing European 
SMEs with those IT Security services that give them the necessary trust 
in e-commerce to develop their businesses in that direction. 
EISPP is a project fund by the EU through the fifth European Framework 
Program within the thematic program Information Society Technologies (IST). 
Further information about EISPP can be found at its website, http://www.eispp.org/.

Probably the most important security service SMEs have to be provided with, 
is an advisory service, i.e., the distribution of so-called security 
advisories that provides system administrators with precise and timely 
information about new vulnerabilities and what can be done against them. 
Such information is absolutely essential for IT security, because new 
vulnerabilities are discovered on a daily basis. IT systems can only 
be kept secure, if they are regularly upgraded or patched such that the 
latest security holes are closed again.

This document describes a corner stone of the EISPP approach towards 
supplying SMEs with security advisories: a common advisory format, 
which will enable an easy exchange of advisory data between the four 
CERTs participating in EISPP. The advisory format merges the best-practice 
information regarding security advisories of these four CERTs.

The format is defined using XML, so the various standards and standard 
tools of the XML-family can be used for advisory processing. 
The XML data-type description of this (and future versions) of the format, 
together with sample XSLT style sheets for displaying advisory data, 
are made publicly available on EISPP's website http://www.eispp.org.
"""

LinkedDataInstanceCount = 3

LinkedData::Instance[1]:
LinkedData = http://www.cert-ist.com/eispp/commonformat_2_0.pdf
LinkedDataDetails = EISPP Common Advisory Format Description
LinkedDataId = EISPP-D3-001-TR
LinkedDataVersion = "2.0"
LinkedDAtaDate = 2004-05-20

LinkedData::Instance[2]:
LinkedData = http://www.cert-ist.com/eispp/valuelist_2_0.pdf
LinkedDataDetails = EISPP Common Advisory Format Description: Value Lists
LinkedDataId = EISPP-D3-001b-TR
LinkedDataVersion = "2.0"
LinkedDAtaDate = 2004-05-20

LinkedData::Instance[3]:
LinkedData = http://www.cert-ist.com/eispp/eispp_v20.dtd.txt
LinkedDataDetails = Linked from entry document, contains dtd implementation of EISPP CAFD
LinkedDataVersion = "2.0"


  was:
This issue (task) is one of many similar formal issues formalizing the TCs process to analyse similar work.
It deals with the analysis of the "EISPP Common Advisory Format" (cf. http://www.cert-ist.com/eispp/documents.htm#common_format ),
which has been named explicitedly as similar work in section (2)(a) "Identification of Similar Work" 
of the "OASIS Common Security Advisory Framework (CSAF) Technical Committee Charter" (cf. http://www.oasis-open.org/committees/csaf/charter.php ).

This issue allows us to track and document progress and findings of the CSAF TC of the following:

1. understand and summarize EISPP
2. ensure synergy potentials are identified
3. discussion of the relation to and reaction on EISPP
4. documentation of result

When checked at 2016-11-24 the (HTML format) document tree root referenced existed at the URL http://www.cert-ist.com/eispp/documents.htm#common_format and some bibliographic data identified was:

URL = http://www.cert-ist.com/eispp/documents.htm#common_format
Authors/Editors = N.N. (?)
AuthorInstitution = N.N. / IST / EISPP Consortium (?)
DocumentDate = 2004-05-20

DocumentTitle = VULDEF: The VULnerability Data publication and Exchange Format data model
DocumentStatus = "This document describes a corner stone of the EISPP approach towards supplying SMEs with security advisories: a common advisory format, which will enable an easy exchange of advisory data between the four CERTs participating in EISPP. The advisory format merges the best-practice information regarding security advisories of these four CERTs."
DocumentCopyright = "©EISPP Consortium" (!)


Abstract == 
""" (content taken from Executive Summary of LinkedData::Instance[1])
The European Information Security Promotion Programme (EISPP) strives 
to set up a network of expertise with the aim of providing European 
SMEs with those IT Security services that give them the necessary trust 
in e-commerce to develop their businesses in that direction. 
EISPP is a project fund by the EU through the fifth European Framework 
Program within the thematic program Information Society Technologies (IST). 
Further information about EISPP can be found at its website, http://www.eispp.org/.

Probably the most important security service SMEs have to be provided with, 
is an advisory service, i.e., the distribution of so-called security 
advisories that provides system administrators with precise and timely 
information about new vulnerabilities and what can be done against them. 
Such information is absolutely essential for IT security, because new 
vulnerabilities are discovered on a daily basis. IT systems can only 
be kept secure, if they are regularly upgraded or patched such that the 
latest security holes are closed again.

This document describes a corner stone of the EISPP approach towards 
supplying SMEs with security advisories: a common advisory format, 
which will enable an easy exchange of advisory data between the four 
CERTs participating in EISPP. The advisory format merges the best-practice 
information regarding security advisories of these four CERTs.

The format is defined using XML, so the various standards and standard 
tools of the XML-family can be used for advisory processing. 
The XML data-type description of this (and future versions) of the format, 
together with sample XSLT style sheets for displaying advisory data, 
are made publicly available on EISPP's website http://www.eispp.org.
"""

LinkedDataInstanceCount = 3

LinkedData::Instance[1]:
LinkedData = http://www.cert-ist.com/eispp/commonformat_2_0.pdf
LinkedDataDetails = EISPP Common Advisory Format Description
LinkedDataId = EISPP-D3-001-TR
LinkedDataVersion = "2.0"
LinkedDAtaDate = 2004-05-20

LinkedData::Instance[2]:
LinkedData = http://www.cert-ist.com/eispp/valuelist_2_0.pdf
LinkedDataDetails = EISPP Common Advisory Format Description: Value Lists
LinkedDataId = EISPP-D3-001b-TR
LinkedDataVersion = "2.0"
LinkedDAtaDate = 2004-05-20

LinkedData::Instance[3]:
LinkedData = http://www.cert-ist.com/eispp/eispp_v20.dtd.txt
LinkedDataDetails = Linked from entry document, contains dtd implementation of EISPP CAFD
LinkedDataVersion = "2.0"



> Analysis of "EISPP Common Advisory Format" and any possible relation to CSAF work products
> ------------------------------------------------------------------------------------------
>
>                 Key: CSAF-6
>                 URL: https://issues.oasis-open.org/browse/CSAF-6
>             Project: OASIS Common Security Advisory Framework (CSAF) TC
>          Issue Type: Task
>         Environment: [New]
>            Reporter: Stefan Hagen
>            Priority: Critical
>              Labels: similar_work
>
> This issue (task) is one of many similar formal issues formalizing the TCs process to analyse similar work.
> It deals with the analysis of the "EISPP Common Advisory Format" (cf. http://www.cert-ist.com/eispp/documents.htm#common_format ),
> which has been named explicitedly as similar work in section (2)(a) "Identification of Similar Work" 
> of the "OASIS Common Security Advisory Framework (CSAF) Technical Committee Charter" (cf. http://www.oasis-open.org/committees/csaf/charter.php ).
> This issue allows us to track and document progress and findings of the CSAF TC of the following:
> 1. understand and summarize EISPP
> 2. ensure synergy potentials are identified
> 3. discussion of the relation to and reaction on EISPP
> 4. documentation of result
> When checked at 2016-11-24 the (HTML format) document tree root referenced existed at the URL http://www.cert-ist.com/eispp/documents.htm#common_format and some bibliographic data identified was:
> URL = http://www.cert-ist.com/eispp/documents.htm#common_format
> Authors/Editors = N.N. (?)
> AuthorInstitution = N.N. / IST / EISPP Consortium (?)
> DocumentDate = 2004-05-20
> DocumentTitle = VULDEF: The VULnerability Data publication and Exchange Format data model
> DocumentStatus == 
> """
>   This document describes a corner stone of the EISPP approach towards supplying 
>   SMEs with security advisories: a common advisory format, which will enable an easy 
>   exchange of advisory data between the four CERTs participating in EISPP. 
>   The advisory format merges the best-practice information regarding security 
>   advisories of these four CERTs.
> """
> DocumentCopyright = "©EISPP Consortium" (!)
> Abstract == 
> """ (content taken from Executive Summary of LinkedData::Instance[1])
> The European Information Security Promotion Programme (EISPP) strives 
> to set up a network of expertise with the aim of providing European 
> SMEs with those IT Security services that give them the necessary trust 
> in e-commerce to develop their businesses in that direction. 
> EISPP is a project fund by the EU through the fifth European Framework 
> Program within the thematic program Information Society Technologies (IST). 
> Further information about EISPP can be found at its website, http://www.eispp.org/.
> Probably the most important security service SMEs have to be provided with, 
> is an advisory service, i.e., the distribution of so-called security 
> advisories that provides system administrators with precise and timely 
> information about new vulnerabilities and what can be done against them. 
> Such information is absolutely essential for IT security, because new 
> vulnerabilities are discovered on a daily basis. IT systems can only 
> be kept secure, if they are regularly upgraded or patched such that the 
> latest security holes are closed again.
> This document describes a corner stone of the EISPP approach towards 
> supplying SMEs with security advisories: a common advisory format, 
> which will enable an easy exchange of advisory data between the four 
> CERTs participating in EISPP. The advisory format merges the best-practice 
> information regarding security advisories of these four CERTs.
> The format is defined using XML, so the various standards and standard 
> tools of the XML-family can be used for advisory processing. 
> The XML data-type description of this (and future versions) of the format, 
> together with sample XSLT style sheets for displaying advisory data, 
> are made publicly available on EISPP's website http://www.eispp.org.
> """
> LinkedDataInstanceCount = 3
> LinkedData::Instance[1]:
> LinkedData = http://www.cert-ist.com/eispp/commonformat_2_0.pdf
> LinkedDataDetails = EISPP Common Advisory Format Description
> LinkedDataId = EISPP-D3-001-TR
> LinkedDataVersion = "2.0"
> LinkedDAtaDate = 2004-05-20
> LinkedData::Instance[2]:
> LinkedData = http://www.cert-ist.com/eispp/valuelist_2_0.pdf
> LinkedDataDetails = EISPP Common Advisory Format Description: Value Lists
> LinkedDataId = EISPP-D3-001b-TR
> LinkedDataVersion = "2.0"
> LinkedDAtaDate = 2004-05-20
> LinkedData::Instance[3]:
> LinkedData = http://www.cert-ist.com/eispp/eispp_v20.dtd.txt
> LinkedDataDetails = Linked from entry document, contains dtd implementation of EISPP CAFD
> LinkedDataVersion = "2.0"



--
This message was sent by Atlassian JIRA
(v6.2.2#6258)


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]