[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [was] The ID generation issue
Peter Michalek wrote: > >> Well, I'd really like to see the parts be independent from each >> other. Otherwise I don't see who will adopt them as standard. >> Vulnerability scanner people are not interested in metadata or >> protect. Web application firewall people are not interested in >> anything but Protect. And so on... > > I think in general all "security domain" providers will be intersted in > the generic parts: profile and metadata. That's why we must seek their active participation as soon as we come out with a draft of some kind. > However, we still need to provide a way to reference another instance by > ID - which we already do in the schema (we need to make sure this sample > validates, I just posted it): > > http://www.evdl.net/latest/examples/example-protect-by-ref-1.xml Hmm, where is the reference in this example? The ID? Or did you mean the other example: http://www.evdl.net/latest/examples/example-protect-by-ref-url-1.xml Either way, Protect (Detect & SCA too) needs a way to reference entries in other vulnerability databases. For example: <recipe ...> <references> <reference publisher="bugtraq" id="133" /> <reference publisher="cve" id="1999-0060" /> <reference publisher="other" id="http://security.e-matters.de/advisories/112004.html" /> </references> ... </recipe> (I am aware of the references section in the Profile part, this is just an example.) I am struggling with myself to decide whether any of the SCA, Protect, and Detect parts need to include the Profile part. I can see how the Metadata part is needed so that's fine. But the profile part seems to complex. I'll give the schema a good look and we'll talk about this on Wednesday. -- Ivan Ristic (http://www.modsecurity.org)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]