[OVAL REPOSITORY] Problem with the Family OVAL definitions for Unix
solin at jovalcm.com
Fri Nov 13 09:38:55 EST 2015
Using the OVALRepo project (head revision, master branch), I was able to run the following command:
python3 scripts/build_oval_definitions_file.py -o unix-all-vulnerability.xml --family unix --class vulnerability
That generated unix-all-vulnerability.xml, which successfully schema-validates (meaning, nothing is missing; I was able to run it).
So, perhaps there’s something not right with the repository website content generation?
David A. Solin
Co-Founder, Research & Technology
solin at jovalcm.com <mailto:solin at jovalcm.com>
> On Nov 12, 2015, at 3:34 PM, Rich, Dale <drich1 at dtcc.com> wrote:
> Help Please,
> We are using a few of the “family” level OVAL patch and vulnerability definition files for Unix from the CISecurity repository.
> Ex: https://oval.cisecurity.org/repository/download/5.10/patch/unix.xml <https://oval.cisecurity.org/repository/download/5.10/patch/unix.xml>
> https://oval.cisecurity.org/repository/download/5.11.1/patch/unix.xml <https://oval.cisecurity.org/repository/download/5.11.1/patch/unix.xml>
> (I believe they are broken in GitHub too)
> Unfortunately, at least some of the definitions in there are referencing checks that don’t exist further down in the document. This is becoming a pretty major problem for us. Until I can get our new content developers onboarded, can someone please address this?
> DTCC Non-Confidential (White)
> Dale Rich, CISSP
> DTCC Global Vulnerability Detection & Management
> Technology Risk Management (TRM)
> Tampa, FL (EST)
> (813) 470-2193 | drich1 at dtcc.com <mailto:drich1 at dtcc.com>
> Visit us at www.dtcc.com <http://www.dtcc.com/> or follow us on Twitter @The_DTCC and on LinkedIn <http://www.linkedin.com/company/6915?trk=saber_s000001e_1000>.
> To learn about career opportunities at DTCC, please visit dtcc.com/careers <http://dtcc.com/careers>.
> DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
> OVAL_Repository mailing list
> OVAL_Repository at lists.cisecurity.org <mailto:OVAL_Repository at lists.cisecurity.org>
> http://lists.cisecurity.org/mailman/listinfo/oval_repository_lists.cisecurity.org <http://lists.cisecurity.org/mailman/listinfo/oval_repository_lists.cisecurity.org>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OVAL_Repository