[OVAL DEVELOPER] Latest Updates on Website

Sunil Pagare pagare.sunil at gmail.com
Fri Nov 20 01:05:24 EST 2015


Hi All,

May I know the guidelines / steps / tools to create the OVAL definitions
for Microsoft products? So, that I can contribute to submit OVAL definition
for Microsoft products.

Best Regards,
Sunil

On Fri, Nov 6, 2015 at 10:17 AM, Sunil Pagare <pagare.sunil at gmail.com>
wrote:

> Thanks David for informing.
>
> On Thu, Nov 5, 2015 at 9:15 PM, David Ries <ries at jovalcm.com> wrote:
>
>> Hi Sunil,
>>
>> I just wanted to respond and say that I didn’t have any information for
>> you.
>>
>> The OVAL Repository is a community-driven effort. For our part here at
>> Joval, we contribute to the repository by developing processes and
>> automation tools but have not historically contributed content. And, there
>> are no formal commitments or timelines that I know of by other individuals
>> or organizations to develop and contribute content. The repository has 10s
>> of 1000s of high-quality definitions and is growing by the day, but it all
>> seems to be relatively organic and informal.
>>
>> If there is a particularly piece (or category) of content that you want,
>> you can develop it yourself and contribute it (the mailing list will help
>> you) or perhaps someone else on the list will volunteer to create it.
>>
>> -David
>>
>> On Nov 4, 2015, at 10:02 PM, Sunil Pagare <pagare.sunil at GMAIL.COM
>> <pagare.sunil at gmail.com>> wrote:
>>
>> Hello,
>>
>> Would you please share the details (product list and time line if any)
>> about vulnerabilities submission for products on windows platforms so, that
>> it will help us a lot.
>>
>> Best Regards,
>> Sunil
>>
>> On Tue, Nov 3, 2015 at 8:53 AM, Sunil Pagare <pagare.sunil at gmail.com>
>> wrote:
>>
>>> Hello David,
>>>
>>> The vulnerability definitions for Microsoft patch Tuesday are not being
>>> submitted to OVAL repository right now, but it is only for Microsoft
>>> products not for other products like Adobe, Java etc. for Windows platform.
>>> Can you provide details for this?
>>>
>>> Best Regards,
>>> Sunil
>>>
>>> On Mon, Nov 2, 2015 at 1:05 PM, Sunil Pagare <pagare.sunil at gmail.com>
>>> wrote:
>>>
>>>> Hello David,
>>>>
>>>> Thanks for the information.
>>>>
>>>> Best Regards,
>>>> Sunil
>>>>
>>>> On Mon, Nov 2, 2015 at 10:51 AM, David Ries <ries at jovalcm.com> wrote:
>>>>
>>>>> Hi Sunil and Suraj,
>>>>>
>>>>> There was an issue with updates to the repo not appearing on the
>>>>> website. That has been fixed, as Stephen noted.
>>>>>
>>>>> However, I think you are asking about a different problem. Since the
>>>>> transition, definitions for Microsoft Patch Tuesday have not been
>>>>> contributed by the community. The organization that had been contributing
>>>>> these definitions to the MITRE repository stopped contributing them without
>>>>> giving the community any advance notice. This was discussed on the last
>>>>> OVAL Board call and we are actively working to find an organization willing
>>>>> to take over creating and contributing this content.
>>>>>
>>>>> Best,
>>>>> David
>>>>>
>>>>> On Nov 1, 2015, at 11:00 PM, Sunil Pagare <pagare.sunil at GMAIL.COM
>>>>> <pagare.sunil at gmail.com>> wrote:
>>>>>
>>>>> Thanks Stephen for updating.
>>>>>
>>>>> May I know by when this latest update issue will be fixed?
>>>>>
>>>>> Best Regards,
>>>>> Sunil
>>>>>
>>>>>
>>>>>
>>>>> On Sat, Oct 31, 2015 at 10:16 AM, Suraj Krishnaswami <
>>>>> suraj.krishnaswami at gmail.com> wrote:
>>>>>
>>>>>> Hi Stephen,
>>>>>>
>>>>>> I have the same concern. I saw the issue reported (
>>>>>> https://github.com/CISecurity/OVALRepo/issues/133). However, i am
>>>>>> not able to see any pull request sent, even after the microsoft patch
>>>>>> tuesday. So is it that, new definitions are not being submmited for
>>>>>> microsoft?
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Oct 30, 2015 at 5:44 PM, Stephen Keller <
>>>>>> Stephen.Keller at cisecurity.org> wrote:
>>>>>>
>>>>>>> Hi Sunil,
>>>>>>>
>>>>>>> We are currently working on an issue regarding the latest updates
>>>>>>> within the repository. We should have a fix in the near future.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> *Stephen Keller*
>>>>>>> *Sr. Application Development Specialist*
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *IT Center for Internet Security (518) 880-0720 www.cisecurity.org
>>>>>>> <http://cisecurity.org/> Follow us @CISecurity*
>>>>>>> On 10/30/2015 12:28 AM, Sunil Pagare wrote:
>>>>>>>
>>>>>>> Hello All,
>>>>>>>
>>>>>>> I've seemed that after transition from MITRE to CIS, the new or
>>>>>>> modified vulnerability definitions for windows platform are being submitted
>>>>>>> very less. So, I want to know about latest updates for the new or modified
>>>>>>> vulnerability definitions.
>>>>>>>
>>>>>>> Best Regards,
>>>>>>> Sunil
>>>>>>>
>>>>>>> On Wed, Oct 28, 2015 at 3:38 PM, Sunil Pagare <
>>>>>>> pagare.sunil at gmail.com> wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> For OVAL repository on CISecurity site, it never shows latest
>>>>>>>> updates of any class. Only it shows for last 90 to 120 days.
>>>>>>>>
>>>>>>>> I want to know that whether the latest updates for Vulnerability is
>>>>>>>> supported. If yes, how I can access the latest updates.
>>>>>>>>
>>>>>>>> Awaiting for your feedback.
>>>>>>>>
>>>>>>>> Best Regards,
>>>>>>>> Sunil
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ...
>>>>>>>
>>>>>>> ...
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OVAL_Developer mailing listOVAL_Developer at lists.cisecurity.orghttp://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
>>>>>>>
>>>>>>>
>>>>>>> This message and attachments may contain confidential information.
>>>>>>> If it appears that this message was sent to you by mistake, any retention,
>>>>>>> dissemination, distribution or copying of this message and attachments is
>>>>>>> strictly prohibited. Please notify the sender immediately and permanently
>>>>>>> delete the message and any attachments.
>>>>>>> . . .
>>>>>>>
>>>>>>> ...
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> OVAL_Developer mailing list
>>>>>>> OVAL_Developer at lists.cisecurity.org
>>>>>>>
>>>>>>> http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>> ...
>>>>> _______________________________________________
>>>>> OVAL_Developer mailing list
>>>>> OVAL_Developer at lists.cisecurity.org
>>>>>
>>>>> http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
>>>>>
>>>>>
>>>>> *David E. Ries*
>>>>> Co-Founder, Business Development
>>>>> ries at jovalcm.com
>>>>>
>>>>> [image: Joval Continuous Monitoring] <http://jovalcm.com/>
>>>>>
>>>>> [image: Facebook] <https://www.facebook.com/jovalcm> [image: Linkedin]
>>>>> <https://www.linkedin.com/company/joval-continuous-monitoring>
>>>>>
>>>>>
>>>>
>>>
>>
>> *David E. Ries*
>> Co-Founder, Business Development
>> ries at jovalcm.com
>>
>> [image: Joval Continuous Monitoring] <http://jovalcm.com>
>>
>> [image: Facebook] <https://www.facebook.com/jovalcm> [image: Linkedin]
>> <https://www.linkedin.com/company/joval-continuous-monitoring>
>>
>>
>

...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cisecurity.org/pipermail/oval_developer_lists.cisecurity.org/attachments/20151120/e5a41812/attachment-0002.html>


More information about the OVAL_Developer mailing list