[OVAL REPOSITORY] Problem with the Family OVAL definitions for Unix

Adam Montville Adam.Montville at cisecurity.org
Fri Nov 13 09:49:38 EST 2015


Also, I didn’t build vulnerability, but patch, which appears to be what Rich was after.

From: "adam.w.montville at gmail.com<mailto:adam.w.montville at gmail.com>" <adam.w.montville at gmail.com<mailto:adam.w.montville at gmail.com>>
Date: Friday, November 13, 2015 at 8:42 AM
To: David Solin <solin at jovalcm.com<mailto:solin at jovalcm.com>>
Cc: "oval_developer at lists.cisecurity.org<mailto:oval_developer at lists.cisecurity.org>" <oval_developer at lists.cisecurity.org<mailto:oval_developer at lists.cisecurity.org>>, "oval_repository at lists.cisecurity.org<mailto:oval_repository at lists.cisecurity.org>" <oval_repository at lists.cisecurity.org<mailto:oval_repository at lists.cisecurity.org>>
Subject: Re: [OVAL REPOSITORY] Problem with the Family OVAL definitions for Unix

Hi David,

Just as another data point, I ran a very similar command (I restricted to 5.10), and ran into a schema validation error (it looks like one element was missing).

Adam

On Nov 13, 2015, at 8:38 AM, David Solin <solin at jovalcm.com<mailto:solin at jovalcm.com>> wrote:

Hi Dale,

Using the OVALRepo project (head revision, master branch), I was able to run the following command:

python3 scripts/build_oval_definitions_file.py -o unix-all-vulnerability.xml --family unix --class vulnerability

That generated unix-all-vulnerability.xml, which successfully schema-validates (meaning, nothing is missing; I was able to run it).

So, perhaps there’s something not right with the repository website content generation?

Best regards,
—David Solin


David A. Solin
Co-Founder, Research & Technology
solin at jovalcm.com<mailto:solin at jovalcm.com>

[Joval Continuous Monitoring]<http://jovalcm.com/>

[Facebook]<https://www.facebook.com/jovalcm>[Linkedin]<https://www.linkedin.com/company/joval-continuous-monitoring>


On Nov 12, 2015, at 3:34 PM, Rich, Dale <drich1 at dtcc.com<mailto:drich1 at dtcc.com>> wrote:

Help Please,

We are using a few of the “family” level OVAL patch and vulnerability definition files for Unix from the CISecurity repository.
Ex:       https://oval.cisecurity.org/repository/download/5.10/patch/unix.xml
            https://oval.cisecurity.org/repository/download/5.11.1/patch/unix.xml
            (I believe they are broken in GitHub too)

Unfortunately, at least some of the definitions in there are referencing checks that don’t exist further down in the document.  This is becoming a pretty major problem for us.  Until I can get our new content developers onboarded, can someone please address this?


Thanks,
Dale

DTCC Non-Confidential (White)
---------------------------------------------------
Dale Rich, CISSP
DTCC Global Vulnerability Detection & Management
Technology Risk Management (TRM)
Tampa, FL (EST)
(813) 470-2193 | drich1 at dtcc.com<mailto:drich1 at dtcc.com>

<image002.png>

Visit us at www.dtcc.com<http://www.dtcc.com/> or follow us on Twitter @The_DTCC and on LinkedIn<http://www.linkedin.com/company/6915?trk=saber_s000001e_1000>.
To learn about career opportunities at DTCC, please visit dtcc.com/careers<http://dtcc.com/careers>.



DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses.  The company accepts no liability for any damage caused by any virus transmitted by this email.
...
_______________________________________________
OVAL_Repository mailing list
OVAL_Repository at lists.cisecurity.org<mailto:OVAL_Repository at lists.cisecurity.org>
http://lists.cisecurity.org/mailman/listinfo/oval_repository_lists.cisecurity.org


...
_______________________________________________
OVAL_Repository mailing list
OVAL_Repository at lists.cisecurity.org<mailto:OVAL_Repository at lists.cisecurity.org>
http://lists.cisecurity.org/mailman/listinfo/oval_repository_lists.cisecurity.org


...

...
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.

. . .

...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cisecurity.org/pipermail/oval_repository_lists.cisecurity.org/attachments/20151113/12ef2413/attachment-0002.html>


More information about the OVAL_Repository mailing list