A list for people interested in developing the OVAL language.
View all threadsHello All,
I've seemed that after transition from MITRE to CIS, the new or modified
vulnerability definitions for windows platform are being submitted very
less. So, I want to know about latest updates for the new or modified
vulnerability definitions.
Best Regards,
Sunil
On Wed, Oct 28, 2015 at 3:38 PM, Sunil Pagare pagare.sunil@gmail.com
wrote:
Hello,
For OVAL repository on CISecurity site, it never shows latest updates of
any class. Only it shows for last 90 to 120 days.
I want to know that whether the latest updates for Vulnerability is
supported. If yes, how I can access the latest updates.
Awaiting for your feedback.
Best Regards,
Sunil
...
Hi Sunil,
We are currently working on an issue regarding the latest updates within the repository. We should have a fix in the near future.
Thanks,
Stephen Keller
Sr. Application Development Specialist
IT
Center for Internet Security
(518) 880-0720
www.cisecurity.orghttp://cisecurity.org
Follow us @CISecurity
On 10/30/2015 12:28 AM, Sunil Pagare wrote:
Hello All,
I've seemed that after transition from MITRE to CIS, the new or modified vulnerability definitions for windows platform are being submitted very less. So, I want to know about latest updates for the new or modified vulnerability definitions.
Best Regards,
Sunil
On Wed, Oct 28, 2015 at 3:38 PM, Sunil Pagare <pagare.sunil@gmail.commailto:pagare.sunil@gmail.com> wrote:
Hello,
For OVAL repository on CISecurity site, it never shows latest updates of any class. Only it shows for last 90 to 120 days.
I want to know that whether the latest updates for Vulnerability is supported. If yes, how I can access the latest updates.
Awaiting for your feedback.
Best Regards,
Sunil
...
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.orgmailto:OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
. . .
...
Hi Stephen,
I have the same concern. I saw the issue reported (
https://github.com/CISecurity/OVALRepo/issues/133). However, i am not able
to see any pull request sent, even after the microsoft patch tuesday. So is
it that, new definitions are not being submmited for microsoft?
On Fri, Oct 30, 2015 at 5:44 PM, Stephen Keller <
Stephen.Keller@cisecurity.org> wrote:
Hi Sunil,
We are currently working on an issue regarding the latest updates within
the repository. We should have a fix in the near future.
Thanks,
Stephen Keller
Sr. Application Development Specialist
IT Center for Internet Security (518) 880-0720 www.cisecurity.org
http://cisecurity.org Follow us @CISecurity
On 10/30/2015 12:28 AM, Sunil Pagare wrote:
Hello All,
I've seemed that after transition from MITRE to CIS, the new or modified
vulnerability definitions for windows platform are being submitted very
less. So, I want to know about latest updates for the new or modified
vulnerability definitions.
Best Regards,
Sunil
On Wed, Oct 28, 2015 at 3:38 PM, Sunil Pagare pagare.sunil@gmail.com
wrote:
Hello,
For OVAL repository on CISecurity site, it never shows latest updates of
any class. Only it shows for last 90 to 120 days.
I want to know that whether the latest updates for Vulnerability is
supported. If yes, how I can access the latest updates.
Awaiting for your feedback.
Best Regards,
Sunil
...
...
OVAL_Developer mailing listOVAL_Developer@lists.cisecurity.orghttp://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
This message and attachments may contain confidential information. If it
appears that this message was sent to you by mistake, any retention,
dissemination, distribution or copying of this message and attachments is
strictly prohibited. Please notify the sender immediately and permanently
delete the message and any attachments.
. . .
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
...
Thanks Stephen for updating.
May I know by when this latest update issue will be fixed?
Best Regards,
Sunil
On Sat, Oct 31, 2015 at 10:16 AM, Suraj Krishnaswami <
suraj.krishnaswami@gmail.com> wrote:
Hi Stephen,
I have the same concern. I saw the issue reported (
https://github.com/CISecurity/OVALRepo/issues/133). However, i am not
able to see any pull request sent, even after the microsoft patch tuesday.
So is it that, new definitions are not being submmited for microsoft?
On Fri, Oct 30, 2015 at 5:44 PM, Stephen Keller <
Stephen.Keller@cisecurity.org> wrote:
Hi Sunil,
We are currently working on an issue regarding the latest updates within
the repository. We should have a fix in the near future.
Thanks,
Stephen Keller
Sr. Application Development Specialist
IT Center for Internet Security (518) 880-0720 www.cisecurity.org
http://cisecurity.org Follow us @CISecurity
On 10/30/2015 12:28 AM, Sunil Pagare wrote:
Hello All,
I've seemed that after transition from MITRE to CIS, the new or modified
vulnerability definitions for windows platform are being submitted very
less. So, I want to know about latest updates for the new or modified
vulnerability definitions.
Best Regards,
Sunil
On Wed, Oct 28, 2015 at 3:38 PM, Sunil Pagare pagare.sunil@gmail.com
wrote:
Hello,
For OVAL repository on CISecurity site, it never shows latest updates of
any class. Only it shows for last 90 to 120 days.
I want to know that whether the latest updates for Vulnerability is
supported. If yes, how I can access the latest updates.
Awaiting for your feedback.
Best Regards,
Sunil
...
...
OVAL_Developer mailing listOVAL_Developer@lists.cisecurity.orghttp://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
This message and attachments may contain confidential information. If it
appears that this message was sent to you by mistake, any retention,
dissemination, distribution or copying of this message and attachments is
strictly prohibited. Please notify the sender immediately and permanently
delete the message and any attachments.
. . .
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
...
Hi Sunil and Suraj,
There was an issue with updates to the repo not appearing on the website. That has been fixed, as Stephen noted.
However, I think you are asking about a different problem. Since the transition, definitions for Microsoft Patch Tuesday have not been contributed by the community. The organization that had been contributing these definitions to the MITRE repository stopped contributing them without giving the community any advance notice. This was discussed on the last OVAL Board call and we are actively working to find an organization willing to take over creating and contributing this content.
Best,
David
On Nov 1, 2015, at 11:00 PM, Sunil Pagare pagare.sunil@GMAIL.COM wrote:
Thanks Stephen for updating.
May I know by when this latest update issue will be fixed?
Best Regards,
Sunil
On Sat, Oct 31, 2015 at 10:16 AM, Suraj Krishnaswami <suraj.krishnaswami@gmail.com mailto:suraj.krishnaswami@gmail.com> wrote:
Hi Stephen,
I have the same concern. I saw the issue reported (https://github.com/CISecurity/OVALRepo/issues/133 https://github.com/CISecurity/OVALRepo/issues/133). However, i am not able to see any pull request sent, even after the microsoft patch tuesday. So is it that, new definitions are not being submmited for microsoft?
On Fri, Oct 30, 2015 at 5:44 PM, Stephen Keller <Stephen.Keller@cisecurity.org mailto:Stephen.Keller@cisecurity.org> wrote:
Hi Sunil,
We are currently working on an issue regarding the latest updates within the repository. We should have a fix in the near future.
Thanks,
Stephen Keller
Sr. Application Development Specialist
IT
Center for Internet Security
(518) 880-0720
www.cisecurity.org http://cisecurity.org/
Follow us @CISecurity
On 10/30/2015 12:28 AM, Sunil Pagare wrote:
Hello All,
I've seemed that after transition from MITRE to CIS, the new or modified vulnerability definitions for windows platform are being submitted very less. So, I want to know about latest updates for the new or modified vulnerability definitions.
Best Regards,
Sunil
On Wed, Oct 28, 2015 at 3:38 PM, Sunil Pagare <pagare.sunil@gmail.com mailto:pagare.sunil@gmail.com> wrote:
Hello,
For OVAL repository on CISecurity site, it never shows latest updates of any class. Only it shows for last 90 to 120 days.
I want to know that whether the latest updates for Vulnerability is supported. If yes, how I can access the latest updates.
Awaiting for your feedback.
Best Regards,
Sunil
...
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org mailto:OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
. . .
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org mailto:OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
David E. Ries
Co-Founder, Business Development
ries@jovalcm.com mailto:ries@jovalcm.com
http://jovalcm.com/
https://www.facebook.com/jovalcm https://www.linkedin.com/company/joval-continuous-monitoring
...
Hello David,
Thanks for the information.
Best Regards,
Sunil
On Mon, Nov 2, 2015 at 10:51 AM, David Ries ries@jovalcm.com wrote:
Hi Sunil and Suraj,
There was an issue with updates to the repo not appearing on the website.
That has been fixed, as Stephen noted.
However, I think you are asking about a different problem. Since the
transition, definitions for Microsoft Patch Tuesday have not been
contributed by the community. The organization that had been contributing
these definitions to the MITRE repository stopped contributing them without
giving the community any advance notice. This was discussed on the last
OVAL Board call and we are actively working to find an organization willing
to take over creating and contributing this content.
Best,
David
On Nov 1, 2015, at 11:00 PM, Sunil Pagare <pagare.sunil@GMAIL.COM
pagare.sunil@gmail.com> wrote:
Thanks Stephen for updating.
May I know by when this latest update issue will be fixed?
Best Regards,
Sunil
On Sat, Oct 31, 2015 at 10:16 AM, Suraj Krishnaswami <
suraj.krishnaswami@gmail.com> wrote:
Hi Stephen,
I have the same concern. I saw the issue reported (
https://github.com/CISecurity/OVALRepo/issues/133). However, i am not
able to see any pull request sent, even after the microsoft patch tuesday.
So is it that, new definitions are not being submmited for microsoft?
On Fri, Oct 30, 2015 at 5:44 PM, Stephen Keller <
Stephen.Keller@cisecurity.org> wrote:
Hi Sunil,
We are currently working on an issue regarding the latest updates within
the repository. We should have a fix in the near future.
Thanks,
Stephen Keller
Sr. Application Development Specialist
IT Center for Internet Security (518) 880-0720 www.cisecurity.org
http://cisecurity.org/ Follow us @CISecurity
On 10/30/2015 12:28 AM, Sunil Pagare wrote:
Hello All,
I've seemed that after transition from MITRE to CIS, the new or modified
vulnerability definitions for windows platform are being submitted very
less. So, I want to know about latest updates for the new or modified
vulnerability definitions.
Best Regards,
Sunil
On Wed, Oct 28, 2015 at 3:38 PM, Sunil Pagare pagare.sunil@gmail.com
wrote:
Hello,
For OVAL repository on CISecurity site, it never shows latest updates
of any class. Only it shows for last 90 to 120 days.
I want to know that whether the latest updates for Vulnerability is
supported. If yes, how I can access the latest updates.
Awaiting for your feedback.
Best Regards,
Sunil
...
...
OVAL_Developer mailing listOVAL_Developer@lists.cisecurity.orghttp://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
This message and attachments may contain confidential information. If it
appears that this message was sent to you by mistake, any retention,
dissemination, distribution or copying of this message and attachments is
strictly prohibited. Please notify the sender immediately and permanently
delete the message and any attachments.
. . .
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
David E. Ries
Co-Founder, Business Development
ries@jovalcm.com
[image: Joval Continuous Monitoring] http://jovalcm.com
[image: Facebook] https://www.facebook.com/jovalcm [image: Linkedin]
https://www.linkedin.com/company/joval-continuous-monitoring
...
Hello David,
The vulnerability definitions for Microsoft patch Tuesday are not being
submitted to OVAL repository right now, but it is only for Microsoft
products not for other products like Adobe, Java etc. for Windows platform.
Can you provide details for this?
Best Regards,
Sunil
On Mon, Nov 2, 2015 at 1:05 PM, Sunil Pagare pagare.sunil@gmail.com wrote:
Hello David,
Thanks for the information.
Best Regards,
Sunil
On Mon, Nov 2, 2015 at 10:51 AM, David Ries ries@jovalcm.com wrote:
Hi Sunil and Suraj,
There was an issue with updates to the repo not appearing on the website.
That has been fixed, as Stephen noted.
However, I think you are asking about a different problem. Since the
transition, definitions for Microsoft Patch Tuesday have not been
contributed by the community. The organization that had been contributing
these definitions to the MITRE repository stopped contributing them without
giving the community any advance notice. This was discussed on the last
OVAL Board call and we are actively working to find an organization willing
to take over creating and contributing this content.
Best,
David
On Nov 1, 2015, at 11:00 PM, Sunil Pagare <pagare.sunil@GMAIL.COM
pagare.sunil@gmail.com> wrote:
Thanks Stephen for updating.
May I know by when this latest update issue will be fixed?
Best Regards,
Sunil
On Sat, Oct 31, 2015 at 10:16 AM, Suraj Krishnaswami <
suraj.krishnaswami@gmail.com> wrote:
Hi Stephen,
I have the same concern. I saw the issue reported (
https://github.com/CISecurity/OVALRepo/issues/133). However, i am not
able to see any pull request sent, even after the microsoft patch tuesday.
So is it that, new definitions are not being submmited for microsoft?
On Fri, Oct 30, 2015 at 5:44 PM, Stephen Keller <
Stephen.Keller@cisecurity.org> wrote:
Hi Sunil,
We are currently working on an issue regarding the latest updates
within the repository. We should have a fix in the near future.
Thanks,
Stephen Keller
Sr. Application Development Specialist
IT Center for Internet Security (518) 880-0720 www.cisecurity.org
http://cisecurity.org/ Follow us @CISecurity
On 10/30/2015 12:28 AM, Sunil Pagare wrote:
Hello All,
I've seemed that after transition from MITRE to CIS, the new or
modified vulnerability definitions for windows platform are being submitted
very less. So, I want to know about latest updates for the new or modified
vulnerability definitions.
Best Regards,
Sunil
On Wed, Oct 28, 2015 at 3:38 PM, Sunil Pagare pagare.sunil@gmail.com
wrote:
Hello,
For OVAL repository on CISecurity site, it never shows latest updates
of any class. Only it shows for last 90 to 120 days.
I want to know that whether the latest updates for Vulnerability is
supported. If yes, how I can access the latest updates.
Awaiting for your feedback.
Best Regards,
Sunil
...
...
OVAL_Developer mailing listOVAL_Developer@lists.cisecurity.orghttp://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
This message and attachments may contain confidential information. If
it appears that this message was sent to you by mistake, any retention,
dissemination, distribution or copying of this message and attachments is
strictly prohibited. Please notify the sender immediately and permanently
delete the message and any attachments.
. . .
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
David E. Ries
Co-Founder, Business Development
ries@jovalcm.com
[image: Joval Continuous Monitoring] http://jovalcm.com
[image: Facebook] https://www.facebook.com/jovalcm [image: Linkedin]
https://www.linkedin.com/company/joval-continuous-monitoring
...
Hello,
Would you please share the details (product list and time line if any)
about vulnerabilities submission for products on windows platforms so, that
it will help us a lot.
Best Regards,
Sunil
On Tue, Nov 3, 2015 at 8:53 AM, Sunil Pagare pagare.sunil@gmail.com wrote:
Hello David,
The vulnerability definitions for Microsoft patch Tuesday are not being
submitted to OVAL repository right now, but it is only for Microsoft
products not for other products like Adobe, Java etc. for Windows platform.
Can you provide details for this?
Best Regards,
Sunil
On Mon, Nov 2, 2015 at 1:05 PM, Sunil Pagare pagare.sunil@gmail.com
wrote:
Hello David,
Thanks for the information.
Best Regards,
Sunil
On Mon, Nov 2, 2015 at 10:51 AM, David Ries ries@jovalcm.com wrote:
Hi Sunil and Suraj,
There was an issue with updates to the repo not appearing on the
website. That has been fixed, as Stephen noted.
However, I think you are asking about a different problem. Since the
transition, definitions for Microsoft Patch Tuesday have not been
contributed by the community. The organization that had been contributing
these definitions to the MITRE repository stopped contributing them without
giving the community any advance notice. This was discussed on the last
OVAL Board call and we are actively working to find an organization willing
to take over creating and contributing this content.
Best,
David
On Nov 1, 2015, at 11:00 PM, Sunil Pagare <pagare.sunil@GMAIL.COM
pagare.sunil@gmail.com> wrote:
Thanks Stephen for updating.
May I know by when this latest update issue will be fixed?
Best Regards,
Sunil
On Sat, Oct 31, 2015 at 10:16 AM, Suraj Krishnaswami <
suraj.krishnaswami@gmail.com> wrote:
Hi Stephen,
I have the same concern. I saw the issue reported (
https://github.com/CISecurity/OVALRepo/issues/133). However, i am not
able to see any pull request sent, even after the microsoft patch tuesday.
So is it that, new definitions are not being submmited for microsoft?
On Fri, Oct 30, 2015 at 5:44 PM, Stephen Keller <
Stephen.Keller@cisecurity.org> wrote:
Hi Sunil,
We are currently working on an issue regarding the latest updates
within the repository. We should have a fix in the near future.
Thanks,
Stephen Keller
Sr. Application Development Specialist
IT Center for Internet Security (518) 880-0720 www.cisecurity.org
http://cisecurity.org/ Follow us @CISecurity
On 10/30/2015 12:28 AM, Sunil Pagare wrote:
Hello All,
I've seemed that after transition from MITRE to CIS, the new or
modified vulnerability definitions for windows platform are being submitted
very less. So, I want to know about latest updates for the new or modified
vulnerability definitions.
Best Regards,
Sunil
On Wed, Oct 28, 2015 at 3:38 PM, Sunil Pagare pagare.sunil@gmail.com
wrote:
Hello,
For OVAL repository on CISecurity site, it never shows latest updates
of any class. Only it shows for last 90 to 120 days.
I want to know that whether the latest updates for Vulnerability is
supported. If yes, how I can access the latest updates.
Awaiting for your feedback.
Best Regards,
Sunil
...
...
OVAL_Developer mailing listOVAL_Developer@lists.cisecurity.orghttp://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
This message and attachments may contain confidential information. If
it appears that this message was sent to you by mistake, any retention,
dissemination, distribution or copying of this message and attachments is
strictly prohibited. Please notify the sender immediately and permanently
delete the message and any attachments.
. . .
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
David E. Ries
Co-Founder, Business Development
ries@jovalcm.com
[image: Joval Continuous Monitoring] http://jovalcm.com
[image: Facebook] https://www.facebook.com/jovalcm [image: Linkedin]
https://www.linkedin.com/company/joval-continuous-monitoring
...
Hi Sunil,
I just wanted to respond and say that I didn’t have any information for you.
The OVAL Repository is a community-driven effort. For our part here at Joval, we contribute to the repository by developing processes and automation tools but have not historically contributed content. And, there are no formal commitments or timelines that I know of by other individuals or organizations to develop and contribute content. The repository has 10s of 1000s of high-quality definitions and is growing by the day, but it all seems to be relatively organic and informal.
If there is a particularly piece (or category) of content that you want, you can develop it yourself and contribute it (the mailing list will help you) or perhaps someone else on the list will volunteer to create it.
-David
On Nov 4, 2015, at 10:02 PM, Sunil Pagare pagare.sunil@GMAIL.COM wrote:
Hello,
Would you please share the details (product list and time line if any) about vulnerabilities submission for products on windows platforms so, that it will help us a lot.
Best Regards,
Sunil
On Tue, Nov 3, 2015 at 8:53 AM, Sunil Pagare <pagare.sunil@gmail.com mailto:pagare.sunil@gmail.com> wrote:
Hello David,
The vulnerability definitions for Microsoft patch Tuesday are not being submitted to OVAL repository right now, but it is only for Microsoft products not for other products like Adobe, Java etc. for Windows platform. Can you provide details for this?
Best Regards,
Sunil
On Mon, Nov 2, 2015 at 1:05 PM, Sunil Pagare <pagare.sunil@gmail.com mailto:pagare.sunil@gmail.com> wrote:
Hello David,
Thanks for the information.
Best Regards,
Sunil
On Mon, Nov 2, 2015 at 10:51 AM, David Ries <ries@jovalcm.com mailto:ries@jovalcm.com> wrote:
Hi Sunil and Suraj,
There was an issue with updates to the repo not appearing on the website. That has been fixed, as Stephen noted.
However, I think you are asking about a different problem. Since the transition, definitions for Microsoft Patch Tuesday have not been contributed by the community. The organization that had been contributing these definitions to the MITRE repository stopped contributing them without giving the community any advance notice. This was discussed on the last OVAL Board call and we are actively working to find an organization willing to take over creating and contributing this content.
Best,
David
On Nov 1, 2015, at 11:00 PM, Sunil Pagare <pagare.sunil@GMAIL.COM mailto:pagare.sunil@gmail.com> wrote:
Thanks Stephen for updating.
May I know by when this latest update issue will be fixed?
Best Regards,
Sunil
On Sat, Oct 31, 2015 at 10:16 AM, Suraj Krishnaswami <suraj.krishnaswami@gmail.com mailto:suraj.krishnaswami@gmail.com> wrote:
Hi Stephen,
I have the same concern. I saw the issue reported (https://github.com/CISecurity/OVALRepo/issues/133 https://github.com/CISecurity/OVALRepo/issues/133). However, i am not able to see any pull request sent, even after the microsoft patch tuesday. So is it that, new definitions are not being submmited for microsoft?
On Fri, Oct 30, 2015 at 5:44 PM, Stephen Keller <Stephen.Keller@cisecurity.org mailto:Stephen.Keller@cisecurity.org> wrote:
Hi Sunil,
We are currently working on an issue regarding the latest updates within the repository. We should have a fix in the near future.
Thanks,
Stephen Keller
Sr. Application Development Specialist
IT
Center for Internet Security
(518) 880-0720
www.cisecurity.org http://cisecurity.org/
Follow us @CISecurity
On 10/30/2015 12:28 AM, Sunil Pagare wrote:
Hello All,
I've seemed that after transition from MITRE to CIS, the new or modified vulnerability definitions for windows platform are being submitted very less. So, I want to know about latest updates for the new or modified vulnerability definitions.
Best Regards,
Sunil
On Wed, Oct 28, 2015 at 3:38 PM, Sunil Pagare <pagare.sunil@gmail.com mailto:pagare.sunil@gmail.com> wrote:
Hello,
For OVAL repository on CISecurity site, it never shows latest updates of any class. Only it shows for last 90 to 120 days.
I want to know that whether the latest updates for Vulnerability is supported. If yes, how I can access the latest updates.
Awaiting for your feedback.
Best Regards,
Sunil
...
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org mailto:OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
. . .
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org mailto:OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org mailto:OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
David E. Ries
Co-Founder, Business Development
ries@jovalcm.com mailto:ries@jovalcm.com
http://jovalcm.com/
https://www.facebook.com/jovalcm https://www.linkedin.com/company/joval-continuous-monitoring
David E. Ries
Co-Founder, Business Development
ries@jovalcm.com mailto:ries@jovalcm.com
http://jovalcm.com/
https://www.facebook.com/jovalcm https://www.linkedin.com/company/joval-continuous-monitoring
...
Thanks David for informing.
On Thu, Nov 5, 2015 at 9:15 PM, David Ries ries@jovalcm.com wrote:
Hi Sunil,
I just wanted to respond and say that I didn’t have any information for
you.
The OVAL Repository is a community-driven effort. For our part here at
Joval, we contribute to the repository by developing processes and
automation tools but have not historically contributed content. And, there
are no formal commitments or timelines that I know of by other individuals
or organizations to develop and contribute content. The repository has 10s
of 1000s of high-quality definitions and is growing by the day, but it all
seems to be relatively organic and informal.
If there is a particularly piece (or category) of content that you want,
you can develop it yourself and contribute it (the mailing list will help
you) or perhaps someone else on the list will volunteer to create it.
-David
On Nov 4, 2015, at 10:02 PM, Sunil Pagare <pagare.sunil@GMAIL.COM
pagare.sunil@gmail.com> wrote:
Hello,
Would you please share the details (product list and time line if any)
about vulnerabilities submission for products on windows platforms so, that
it will help us a lot.
Best Regards,
Sunil
On Tue, Nov 3, 2015 at 8:53 AM, Sunil Pagare pagare.sunil@gmail.com
wrote:
Hello David,
The vulnerability definitions for Microsoft patch Tuesday are not being
submitted to OVAL repository right now, but it is only for Microsoft
products not for other products like Adobe, Java etc. for Windows platform.
Can you provide details for this?
Best Regards,
Sunil
On Mon, Nov 2, 2015 at 1:05 PM, Sunil Pagare pagare.sunil@gmail.com
wrote:
Hello David,
Thanks for the information.
Best Regards,
Sunil
On Mon, Nov 2, 2015 at 10:51 AM, David Ries ries@jovalcm.com wrote:
Hi Sunil and Suraj,
There was an issue with updates to the repo not appearing on the
website. That has been fixed, as Stephen noted.
However, I think you are asking about a different problem. Since the
transition, definitions for Microsoft Patch Tuesday have not been
contributed by the community. The organization that had been contributing
these definitions to the MITRE repository stopped contributing them without
giving the community any advance notice. This was discussed on the last
OVAL Board call and we are actively working to find an organization willing
to take over creating and contributing this content.
Best,
David
On Nov 1, 2015, at 11:00 PM, Sunil Pagare <pagare.sunil@GMAIL.COM
pagare.sunil@gmail.com> wrote:
Thanks Stephen for updating.
May I know by when this latest update issue will be fixed?
Best Regards,
Sunil
On Sat, Oct 31, 2015 at 10:16 AM, Suraj Krishnaswami <
suraj.krishnaswami@gmail.com> wrote:
Hi Stephen,
I have the same concern. I saw the issue reported (
https://github.com/CISecurity/OVALRepo/issues/133). However, i am not
able to see any pull request sent, even after the microsoft patch tuesday.
So is it that, new definitions are not being submmited for microsoft?
On Fri, Oct 30, 2015 at 5:44 PM, Stephen Keller <
Stephen.Keller@cisecurity.org> wrote:
Hi Sunil,
We are currently working on an issue regarding the latest updates
within the repository. We should have a fix in the near future.
Thanks,
Stephen Keller
Sr. Application Development Specialist
IT Center for Internet Security (518) 880-0720 www.cisecurity.org
http://cisecurity.org/ Follow us @CISecurity
On 10/30/2015 12:28 AM, Sunil Pagare wrote:
Hello All,
I've seemed that after transition from MITRE to CIS, the new or
modified vulnerability definitions for windows platform are being submitted
very less. So, I want to know about latest updates for the new or modified
vulnerability definitions.
Best Regards,
Sunil
On Wed, Oct 28, 2015 at 3:38 PM, Sunil Pagare <pagare.sunil@gmail.com
wrote:
Hello,
For OVAL repository on CISecurity site, it never shows latest
updates of any class. Only it shows for last 90 to 120 days.
I want to know that whether the latest updates for Vulnerability is
supported. If yes, how I can access the latest updates.
Awaiting for your feedback.
Best Regards,
Sunil
...
...
OVAL_Developer mailing listOVAL_Developer@lists.cisecurity.orghttp://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
This message and attachments may contain confidential information. If
it appears that this message was sent to you by mistake, any retention,
dissemination, distribution or copying of this message and attachments is
strictly prohibited. Please notify the sender immediately and permanently
delete the message and any attachments.
. . .
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
David E. Ries
Co-Founder, Business Development
ries@jovalcm.com
[image: Joval Continuous Monitoring] http://jovalcm.com/
[image: Facebook] https://www.facebook.com/jovalcm [image: Linkedin]
https://www.linkedin.com/company/joval-continuous-monitoring
David E. Ries
Co-Founder, Business Development
ries@jovalcm.com
[image: Joval Continuous Monitoring] http://jovalcm.com
[image: Facebook] https://www.facebook.com/jovalcm [image: Linkedin]
https://www.linkedin.com/company/joval-continuous-monitoring
...