[OVAL DEVELOPER] [OVAL REPOSITORY] Latest Updates on Website

Chua, Alexander AChua at dtcc.com
Wed Dec 9 05:35:27 EST 2015


Hi All,

Good day.

I would like to ask, how does the generator, and oval_repository elements in the OVAL definition file being populated? Is there a tool for it?
And also for the IDs, how does it being uniquely generated?

Hi William,

May I know the guidelines or procedures in submitting an OVAL definition file via email?

Thank you so much.

Regards,
Alex


From: OVAL_Developer [mailto:oval_developer-bounces at lists.cisecurity.org] On Behalf Of Sunil Pagare
Sent: Wednesday, November 25, 2015 12:23 PM
To: William Munyan
Cc: oval_developer at lists.cisecurity.org; oval_repository at lists.cisecurity.org
Subject: Re: [OVAL DEVELOPER] [OVAL REPOSITORY] Latest Updates on Website

Thanks William for the information.

Regards,
Sunil

On Tue, Nov 24, 2015 at 6:03 PM, William Munyan <William.Munyan at cisecurity.org<mailto:William.Munyan at cisecurity.org>> wrote:
Hi Sunil,
Thanks for your e-mail and thanks for contributing to the OVAL repository.  We are managing the repository through GitHub, and some information about contributing can be found at our repository GitHub site -- https://github.com/CISecurity/OVALRepo

Further contribution information can be found here - https://github.com/CISecurity/OVALRepo/blob/master/CONTRIBUTING.md

The preferred method of submission would be to fork the GitHub repository, make your changes/additions and create a pull request.  However, if you’d like to get started more quickly, we will still accept OVAL Definitions files submitted to the list via e-mail, similar to how folks contributed to MITRE in the past.

I’d be happy to set up a call with you and a webex to go over the GitHub “fork-and-pull” model and how we envision that taking place for contributors.

Again, thanks for your contributions!
Cheers,
-Bill M.

-Bill Munyan
Technical Product Executive :: CIS-CAT
Security Controls & Automation
Center for Internet Security
(518) 880-0686
www.cisecurity.org<http://www.cisecurity.org/>
Follow us @CISecurity

From: OVAL_Repository [mailto:oval_repository-bounces at lists.cisecurity.org<mailto:oval_repository-bounces at lists.cisecurity.org>] On Behalf Of Sunil Pagare
Sent: Tuesday, November 24, 2015 12:20 AM
To: oval_developer at lists.cisecurity.org<mailto:oval_developer at lists.cisecurity.org>; oval_repository at lists.cisecurity.org<mailto:oval_repository at lists.cisecurity.org>
Subject: Re: [OVAL REPOSITORY] [OVAL DEVELOPER] Latest Updates on Website

Hi All,

I want to work voluntary to submit OVAL definitions for Microsoft platform. Anyone who know about this work out, could you please help me to provide information about this?

Best Regards,
Sunil

On Fri, Nov 20, 2015 at 11:35 AM, Sunil Pagare <pagare.sunil at gmail.com<mailto:pagare.sunil at gmail.com>> wrote:
Hi All,

May I know the guidelines / steps / tools to create the OVAL definitions for Microsoft products? So, that I can contribute to submit OVAL definition for Microsoft products.

Best Regards,
Sunil

On Fri, Nov 6, 2015 at 10:17 AM, Sunil Pagare <pagare.sunil at gmail.com<mailto:pagare.sunil at gmail.com>> wrote:
Thanks David for informing.

On Thu, Nov 5, 2015 at 9:15 PM, David Ries <ries at jovalcm.com<mailto:ries at jovalcm.com>> wrote:
Hi Sunil,

I just wanted to respond and say that I didn’t have any information for you.

The OVAL Repository is a community-driven effort. For our part here at Joval, we contribute to the repository by developing processes and automation tools but have not historically contributed content. And, there are no formal commitments or timelines that I know of by other individuals or organizations to develop and contribute content. The repository has 10s of 1000s of high-quality definitions and is growing by the day, but it all seems to be relatively organic and informal.

If there is a particularly piece (or category) of content that you want, you can develop it yourself and contribute it (the mailing list will help you) or perhaps someone else on the list will volunteer to create it.

-David

On Nov 4, 2015, at 10:02 PM, Sunil Pagare <pagare.sunil at GMAIL.COM<mailto:pagare.sunil at gmail.com>> wrote:

Hello,

Would you please share the details (product list and time line if any) about vulnerabilities submission for products on windows platforms so, that it will help us a lot.

Best Regards,
Sunil

On Tue, Nov 3, 2015 at 8:53 AM, Sunil Pagare <pagare.sunil at gmail.com<mailto:pagare.sunil at gmail.com>> wrote:
Hello David,

The vulnerability definitions for Microsoft patch Tuesday are not being submitted to OVAL repository right now, but it is only for Microsoft products not for other products like Adobe, Java etc. for Windows platform. Can you provide details for this?

Best Regards,
Sunil

On Mon, Nov 2, 2015 at 1:05 PM, Sunil Pagare <pagare.sunil at gmail.com<mailto:pagare.sunil at gmail.com>> wrote:
Hello David,

Thanks for the information.

Best Regards,
Sunil

On Mon, Nov 2, 2015 at 10:51 AM, David Ries <ries at jovalcm.com<mailto:ries at jovalcm.com>> wrote:
Hi Sunil and Suraj,

There was an issue with updates to the repo not appearing on the website. That has been fixed, as Stephen noted.

However, I think you are asking about a different problem. Since the transition, definitions for Microsoft Patch Tuesday have not been contributed by the community. The organization that had been contributing these definitions to the MITRE repository stopped contributing them without giving the community any advance notice. This was discussed on the last OVAL Board call and we are actively working to find an organization willing to take over creating and contributing this content.

Best,
David

On Nov 1, 2015, at 11:00 PM, Sunil Pagare <pagare.sunil at GMAIL.COM<mailto:pagare.sunil at gmail.com>> wrote:

Thanks Stephen for updating.

May I know by when this latest update issue will be fixed?

Best Regards,
Sunil



On Sat, Oct 31, 2015 at 10:16 AM, Suraj Krishnaswami <suraj.krishnaswami at gmail.com<mailto:suraj.krishnaswami at gmail.com>> wrote:
Hi Stephen,

I have the same concern. I saw the issue reported (https://github.com/CISecurity/OVALRepo/issues/133). However, i am not able to see any pull request sent, even after the microsoft patch tuesday. So is it that, new definitions are not being submmited for microsoft?


On Fri, Oct 30, 2015 at 5:44 PM, Stephen Keller <Stephen.Keller at cisecurity.org<mailto:Stephen.Keller at cisecurity.org>> wrote:
Hi Sunil,

We are currently working on an issue regarding the latest updates within the repository. We should have a fix in the near future.

Thanks,

Stephen Keller
Sr. Application Development Specialist
IT
Center for Internet Security
(518) 880-0720
www.cisecurity.org<http://cisecurity.org/>
Follow us @CISecurity
On 10/30/2015 12:28 AM, Sunil Pagare wrote:
Hello All,

I've seemed that after transition from MITRE to CIS, the new or modified vulnerability definitions for windows platform are being submitted very less. So, I want to know about latest updates for the new or modified vulnerability definitions.

Best Regards,
Sunil

On Wed, Oct 28, 2015 at 3:38 PM, Sunil Pagare <pagare.sunil at gmail.com<mailto:pagare.sunil at gmail.com>> wrote:
Hello,

For OVAL repository on CISecurity site, it never shows latest updates of any class. Only it shows for last 90 to 120 days.

I want to know that whether the latest updates for Vulnerability is supported. If yes, how I can access the latest updates.

Awaiting for your feedback.

Best Regards,
Sunil


...

...

_______________________________________________

OVAL_Developer mailing list

OVAL_Developer at lists.cisecurity.org<mailto:OVAL_Developer at lists.cisecurity.org>

http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org

This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
. . .

...

_______________________________________________
OVAL_Developer mailing list
OVAL_Developer at lists.cisecurity.org<mailto:OVAL_Developer at lists.cisecurity.org>
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org



...
_______________________________________________
OVAL_Developer mailing list
OVAL_Developer at lists.cisecurity.org<mailto:OVAL_Developer at lists.cisecurity.org>
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org


David E. Ries
Co-Founder, Business Development
ries at jovalcm.com<mailto:ries at jovalcm.com>

 <http://jovalcm.com/>
 <http://jovalcm.com/>
 <http://jovalcm.com/>
 <http://jovalcm.com/>

David E. Ries
Co-Founder, Business Development
ries at jovalcm.com <http://jovalcm.com/>

 <http://jovalcm.com/>
 <http://jovalcm.com/>
 <http://jovalcm.com/>

...

...<http://jovalcm.com/>
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
. . .


...
DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses.  The company accepts no liability for any damage caused by any virus transmitted by this email.

...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cisecurity.org/pipermail/oval_developer_lists.cisecurity.org/attachments/20151209/65a6020c/attachment-0002.html>


More information about the OVAL_Developer mailing list