[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Notes on WAS Face to Face
As you will know from the notifications I have uploaded the meeting minutes from last weeks face to face and the updated working schema. It was a great meeting and we are making real progress. I am fairly confident we can publish the drafts of meta-data and profile as well the supporting documents before the end of April. The supporting documents will be; OASIS WAS Thesaurus (using VulnTypes) - this is the classification scheme OASIS WAS Vision Document OASIS WAS Core Schema Documented For those who don't read the minutes or look at the schema, I think some of the important schema is below. This will allow for rich metrics and measurement programs to be created by using the categories. <xsd:simpleType name="vulnList"> <xsd:restriction base="xsd:string"> <xsd:enumeration value="AccessControl" /> <xsd:enumeration value="ConfigurationManagement" /> <xsd:enumeration value="ConfigurationManagement.Administration" /> <xsd:enumeration value="ConfigurationManagement.Application" /> <xsd:enumeration value="ConfigurationManagement.Infrastructure" /> <xsd:enumeration value="IntegerOverflow" /> <xsd:enumeration value="DataProtection" /> <xsd:enumeration value="DataProtection.Storage" /> <xsd:enumeration value="DataProtection.Transport" /> <xsd:enumeration value="InputValidation" /> <xsd:enumeration value="InputValidation.User" /> <xsd:enumeration value="InputValidation.Network" /> <xsd:enumeration value="InputValidation.File" /> <xsd:enumeration value="Concurrency" /> <xsd:enumeration value="AppDOS" /> <xsd:enumeration value="AppDOS.Flood" /> <xsd:enumeration value="AppDOS.Lockout" /> <xsd:enumeration value="BufferOverflow.Heap" /> <xsd:enumeration value="BufferOverflow.Stack" /> <xsd:enumeration value="BufferOverflow.Format" /> <xsd:enumeration value="Injection" /> <xsd:enumeration value="Injection.OS" /> <xsd:enumeration value="Injection.SQL" /> <xsd:enumeration value="Injection.HTML" /> <xsd:enumeration value="Injection.OSCommand" /> <xsd:enumeration value="Injection.LDAP" /> <xsd:enumeration value="Injection.XSS" /> <xsd:enumeration value="ErrorHandling" /> <xsd:enumeration value="Monitoring" /> <xsd:enumeration value="Monitoring.Logging" /> <xsd:enumeration value="Monitoring.Detection" /> <xsd:enumeration value="Cryptography" /> <xsd:enumeration value="Cryptography.Algorithm" /> <xsd:enumeration value="Cryptography.KeyManagement" /> <xsd:enumeration value="Authentication" /> <xsd:enumeration value="Authentication.User" /> <xsd:enumeration value="Authentication.UserManagement" /> <xsd:enumeration value="Authentication.Entity" /> <xsd:enumeration value="Authentication.SessionManagement" /> </xsd:restriction> </xsd:simpleType> <xsd:simpleType name="appType"> <xsd:restriction base="xsd:string"> <xsd:enumeration value="client-server" /> <xsd:enumeration value="web service" /> <xsd:enumeration value="standalone" /> <xsd:enumeration value="p2p" /> <xsd:enumeration value="web application" /> <xsd:enumeration value="server" /> <xsd:enumeration value="client" /> <xsd:enumeration value="mainframe" /> </xsd:restriction> </xsd:simpleType> <xsd:simpleType name="rootCauseType"> <xsd:restriction base="xsd:string"> <xsd:enumeration value="software defect" /> <xsd:enumeration value="config" /> </xsd:restriction> </xsd:simpleType> <xsd:simpleType name="RelatedProcesses"> <xsd:restriction base="xsd:string"> <xsd:enumeration value="RequirementsAnalysis" /> <xsd:enumeration value="DesignAnalysis" /> <xsd:enumeration value="code" /> <xsd:enumeration value="SecurityTesting" /> <xsd:enumeration value="Deployment" /> </xsd:restriction> </xsd:simpleType> </xsd:schema> Mark Curphey Consulting Director Foundstone, Inc. Strategic Security 949.297.5600 x2070 Tel 781.738.0857 Cell 949.297.5575 Fax http://www.foundstone.com This email may contain confidential and privileged information for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies of this message. Thank you.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]