I think we all understand what you've written below, but it would be better suited to have the same information in those areas that are the same. In other words, if the check is a scanner check, than the scanner vuln catalog should be the same as the Xforce page, etc. We in the IA community that use this tool and value its assistance would probably like to spend more time fixing and discovering rather than checking two or three sources to make sure the info is timely, correct, and relevant.
-----Original Message----- From: Lau, Jamie (ISS Atlanta) [mailto:JLau@;iss.net] Sent: Friday, October 25, 2002 7:28 PM To: Craig, Scott; [EMAIL PROTECTED] Subject: RE: [ISSForum] Vuln Catalog Vs. Xforce Pages Vs. Policy Editor. I would like to take the opportunity to clarify a little about the X-Force Database. The X-Force Database is an extensive database of vulnerabilities and threats, and includes vulnerabilities and threats covered by ISS products as well as those that are not. The database contains over 10,000 vulnerabilities, threats, and security checks, compiled from the Internet, original X-Force research, ISS software, and other software. It is the result of thousands of hours of work by X-Force researchers and other ISS employees. It also appears on the Internet as the only public database available from a commercial vendor. The X-Force Database is a resource to both ISS customers and non-customers. ISS offers a large number of solutions for security issues. However, the product specific information is not provided in the database on the web site for multiple reasons, including the usability challenges it would create. The products do, however, link back to the database for applicable vulnerabilities and threats, and the products do incorporate X-Force Database information. As for the naming differences you've noted, the product name for a single security issue may vary based on the vulnerability check being performed, or the attack variation against the vulnerability. -Jamie -----Original Message----- From: Craig, Scott [mailto:SCraig@;kmart.com] Sent: Wednesday, October 23, 2002 9:39 AM To: '[EMAIL PROTECTED]' Subject: RE: [ISSForum] Vuln Catalog Vs. Xforce Pages Vs. Policy Editor. There's also some naming differences. There's an XForce database name for a vulnerability or attack, then there's an Internet Scanner name for a vulnerability and a RealSecure name for an attack... yet there's another name listed in RealSecure Fast Analysis which is probably what is used in Site Protector. I'm only hoping that someday these labels will be standardized. I agree in that the categories would be nice to have listed as well. I also found that diving directly into the database schema that there's more data than we see through the GUI, such as vuln-tag (and the known vuln-name) within Internet Scanner. I've also seen differences in old versus new policy editor descriptions. Dating them helps me, especially if I report on a vulnerability found that is 2-3 years old, it helps to have some backing in reporting possible negligence or gaps in due dilligence. I've seen some listings that state related well known attacks, but others don't exist. It would be nice to list within a description a heading for related attack packages such as "Nimda Worm" or a vulnerability associated with Code Red or Nimda. It may not be possible to cover all malware that comes out, but a vulnerability with a wide spread attack like Nimda should be something that can be updated at any time, and for the normal level of malware, any time within 3-6 months after a check is available. > -----Original Message----- > From: "Puente Gir�n, Jose Luis" [mailto:jlpuente@;colt-telecom.es] > Sent: Tuesday, October 22, 2002 11:04 AM > To: 'Evans, Mark' > Cc: '[EMAIL PROTECTED]' > Subject: RE: [ISSForum] Vuln Catalog Vs. Xforce Pages Vs. > Policy Editor. > > > I find Mark�s observations very sensible; I also noticed. > > -----Mensaje original----- > De: Evans, Mark [mailto:EvansM@;ritchie.disa.mil] > Enviado el: martes 22 de octubre de 2002 15:43 > Para: '[EMAIL PROTECTED]' > Asunto: [ISSForum] Vuln Catalog Vs. Xforce Pages Vs. Policy Editor. > > > Anyone notice how the three areas of information that ISS > uses to support their vulnerabilities are not in sync? Here's > the issue: On ther Xforce listing of Vulnerabilities, you > have information like Consequences: Gain Access. This is very > good because it helps one determine the amount of effort one > puts toward fixing the problem. But on the Vuln Catalog > pages, this entry is not present. But, on the other hand, on > the Vuln Catalog pages, you have great information like False > Positive, False Negative, and Required Permissions. This > information is not availble on the Xforce pages. And none of > this info if available while in the policy editor and viewing > vulnerabilities. I would think it would be much easier and > more efficient to maintain one database with all this > information. It would also be nice to have the Catagory that > the checks belong to(such as NT Critical Issues, > etc.) listed on the pages as well, especially the the little > bomb showing it as a denial-of-service check. I wonder if > there are any plans to merge these respective information bases? > > _______________________________________________ > ISSForum mailing list > [EMAIL PROTECTED] > > > ********************************************************************** > COLT Telecom Espana S.A. > Oficina Registrada en: Telemaco, 5 28027 Madrid > Tel. +34 91 789 9000 > > This message is subject to and does not create or vary any > contractual relationship between COLT Telecommunications, its > subsidiaries or > affiliates ("COLT") and you. Internet communications are not > secure and therefore COLT does not accept legal > responsibility for the contents of this message. Any view or > opinions expressed are those of the author. The message is > intended for the addressee only and its contents and any > attached files are strictly confidential. If you have > received it in error, please telephone the number above. Thank you. > > ********************************************************************** > > _______________________________________________ > ISSForum mailing list > [EMAIL PROTECTED] > _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] _______________________________________________ ISSForum mailing list [EMAIL PROTECTED]
