OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

was message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Additions to EVDL Overview Document

Hello everyone,

As discussed in the last conf. call, several people are working on 
additional chapters.

I placed the modified document in:
I expect this document to be updated again in the next few days by 
others, we'll keep old revisions available in
http://www.evdl.net/old/doc  for reference.

Here is a summary of modifications:

- Added content for Chapter 2.4 and 4
- Added a new chapter:
5    Extending EVDL to new security domains.

EVDL proposes to support embedding documents that support new 
application security domains and define new application security domain 
schema descriptions in the future.
A necessary condition to include new schemas would be if developers of 
security domains use EVDL metadata and profile in a manner similar to 
example 2.5 and thus avoid duplication of generic security constructs 
used in metadata (including ID, license, history) and profile (including 
classification i.e. vulnTypes and riskRanking).

When editing the new chapters, I found some minor inconsistencies in the 
schema, therefore I propose the following additional modifications:
- cleanup thread data - make informational/warning/... enum instead of 
arbitrary string
- protect should use something like "EVDLID" instead of "id" to make 
clear what it refers to
- look at xml:id and use it in metadata if appropriate
- replace "recipe" by "protect" to better represent this is a protect 
- in overview doc, fix System Impact graph - correct typo (need original 
picture from Mark Curphey)


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]