[OVAL REPOSITORY] [OVAL DEVELOPER] Problem with the Family OVAL definitions for Unix

Adam Montville Adam.Montville at cisecurity.org
Thu Nov 12 16:43:47 EST 2015


Hi Rich,

Thanks for pointing this out.  These files don’t exist on GitHub – they have to be built using the scripts.  I’m doing that now to see if I can replicate the issue outside of the static downloads.

Adam

From: <Rich>, Dale <drich1 at dtcc.com<mailto:drich1 at dtcc.com>>
Date: Thursday, November 12, 2015 at 3:34 PM
To: "oval_developer at lists.cisecurity.org<mailto:oval_developer at lists.cisecurity.org>" <oval_developer at lists.cisecurity.org<mailto:oval_developer at lists.cisecurity.org>>, "oval_repository at lists.cisecurity.org<mailto:oval_repository at lists.cisecurity.org>" <oval_repository at lists.cisecurity.org<mailto:oval_repository at lists.cisecurity.org>>
Subject: [OVAL DEVELOPER] Problem with the Family OVAL definitions for Unix

Help Please,

We are using a few of the “family” level OVAL patch and vulnerability definition files for Unix from the CISecurity repository.
Ex:       https://oval.cisecurity.org/repository/download/5.10/patch/unix.xml
            https://oval.cisecurity.org/repository/download/5.11.1/patch/unix.xml
            (I believe they are broken in GitHub too)

Unfortunately, at least some of the definitions in there are referencing checks that don’t exist further down in the document.  This is becoming a pretty major problem for us.  Until I can get our new content developers onboarded, can someone please address this?


Thanks,
Dale

DTCC Non-Confidential (White)
---------------------------------------------------
Dale Rich, CISSP
DTCC Global Vulnerability Detection & Management
Technology Risk Management (TRM)
Tampa, FL (EST)
(813) 470-2193 | drich1 at dtcc.com<mailto:drich1 at dtcc.com>

[cid:image002.png at 01D11D68.0C217AA0]

Visit us at www.dtcc.com<http://www.dtcc.com/>or follow us on Twitter at The_DTCCand onLinkedIn<http://www.linkedin.com/company/6915?trk=saber_s000001e_1000>.
To learnabout career opportunities at DTCC, please visitdtcc.com/careers<http://dtcc.com/careers>.



DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses.  The company accepts no liability for any damage caused by any virus transmitted by this email.
...

...
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.

. . .

...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cisecurity.org/pipermail/oval_repository_lists.cisecurity.org/attachments/20151112/38d45b12/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 12512 bytes
Desc: image002.png
URL: <http://lists.cisecurity.org/pipermail/oval_repository_lists.cisecurity.org/attachments/20151112/38d45b12/attachment.png>


More information about the OVAL_Repository mailing list