OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

was message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Notes on WAS Face to Face

As you will know from the notifications I have uploaded the meeting
minutes from last weeks face to face and the updated working schema.

It was a great meeting and we are making real progress. I am fairly
confident we can publish the drafts of meta-data and profile as well the
supporting documents before the end of April.

The supporting documents will be;

OASIS WAS Thesaurus (using VulnTypes) - this is the classification
OASIS WAS Vision Document
OASIS WAS Core Schema Documented

For those who don't read the minutes or look at the schema, I think some
of the important schema is below. This will allow for rich metrics and
measurement programs to be created by using the categories. 

	<xsd:simpleType name="vulnList">
		<xsd:restriction base="xsd:string">
			<xsd:enumeration value="AccessControl" />
			<xsd:enumeration value="ConfigurationManagement"
value="ConfigurationManagement.Administration" />
value="ConfigurationManagement.Application" />
value="ConfigurationManagement.Infrastructure" />
			<xsd:enumeration value="IntegerOverflow" />
			<xsd:enumeration value="DataProtection" />
			<xsd:enumeration value="DataProtection.Storage"
value="DataProtection.Transport" />
			<xsd:enumeration value="InputValidation" />
			<xsd:enumeration value="InputValidation.User" />
			<xsd:enumeration value="InputValidation.Network"
			<xsd:enumeration value="InputValidation.File" />
			<xsd:enumeration value="Concurrency" />
			<xsd:enumeration value="AppDOS" />
			<xsd:enumeration value="AppDOS.Flood" />
			<xsd:enumeration value="AppDOS.Lockout" />
			<xsd:enumeration value="BufferOverflow.Heap" />
			<xsd:enumeration value="BufferOverflow.Stack" />
			<xsd:enumeration value="BufferOverflow.Format"
			<xsd:enumeration value="Injection" />
			<xsd:enumeration value="Injection.OS" />
			<xsd:enumeration value="Injection.SQL" />
			<xsd:enumeration value="Injection.HTML" />
			<xsd:enumeration value="Injection.OSCommand" />
			<xsd:enumeration value="Injection.LDAP" />
			<xsd:enumeration value="Injection.XSS" />
			<xsd:enumeration value="ErrorHandling" />
			<xsd:enumeration value="Monitoring" />
			<xsd:enumeration value="Monitoring.Logging" />
			<xsd:enumeration value="Monitoring.Detection" />
			<xsd:enumeration value="Cryptography" />
			<xsd:enumeration value="Cryptography.Algorithm"
value="Cryptography.KeyManagement" />
			<xsd:enumeration value="Authentication" />
			<xsd:enumeration value="Authentication.User" />
value="Authentication.UserManagement" />
			<xsd:enumeration value="Authentication.Entity"
value="Authentication.SessionManagement" />
	<xsd:simpleType name="appType">
		<xsd:restriction base="xsd:string">
			<xsd:enumeration value="client-server" />
			<xsd:enumeration value="web service" />
			<xsd:enumeration value="standalone" />
			<xsd:enumeration value="p2p" />
			<xsd:enumeration value="web application" />
			<xsd:enumeration value="server" />
			<xsd:enumeration value="client" />
			<xsd:enumeration value="mainframe" />
	<xsd:simpleType name="rootCauseType">
		<xsd:restriction base="xsd:string">
			<xsd:enumeration value="software defect" />
			<xsd:enumeration value="config" />
	<xsd:simpleType name="RelatedProcesses">
		<xsd:restriction base="xsd:string">
			<xsd:enumeration value="RequirementsAnalysis" />
			<xsd:enumeration value="DesignAnalysis" />
			<xsd:enumeration value="code" />
			<xsd:enumeration value="SecurityTesting" />
			<xsd:enumeration value="Deployment" />

Mark Curphey
Consulting Director
Foundstone, Inc.
Strategic Security

949.297.5600 x2070 Tel 
781.738.0857 Cell
949.297.5575 Fax 


This email may contain confidential and privileged information for the
sole use of the intended recipient. Any review or distribution by others
is strictly prohibited. If you are not the intended recipient, please
contact the sender and delete all copies of this message. Thank you. 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]