[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Additions to EVDL Overview Document
Hello everyone, As discussed in the last conf. call, several people are working on additional chapters. I placed the modified document in: http://www.evdl.net/latest/doc/EVDL-0.1-draft.doc I expect this document to be updated again in the next few days by others, we'll keep old revisions available in http://www.evdl.net/old/doc for reference. Here is a summary of modifications: - Added content for Chapter 2.4 and 4 - Added a new chapter: 5 Extending EVDL to new security domains. EVDL proposes to support embedding documents that support new application security domains and define new application security domain schema descriptions in the future. A necessary condition to include new schemas would be if developers of security domains use EVDL metadata and profile in a manner similar to example 2.5 and thus avoid duplication of generic security constructs used in metadata (including ID, license, history) and profile (including classification i.e. vulnTypes and riskRanking). ------ When editing the new chapters, I found some minor inconsistencies in the schema, therefore I propose the following additional modifications: - cleanup thread data - make informational/warning/... enum instead of arbitrary string - protect should use something like "EVDLID" instead of "id" to make clear what it refers to - look at xml:id and use it in metadata if appropriate - replace "recipe" by "protect" to better represent this is a protect component - in overview doc, fix System Impact graph - correct typo (need original picture from Mark Curphey) Peter
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]