Hello Jan,

OVAL metadata schema currently has:

Title <-> Overview
Affected (platform, products) <-> Affected
Reference (CVE, CPE, other refs) <-> some NVTs have this, we should use for all
Description <-> Insight

In the new proposal, you add Immune and Solution. OVAL doesn't take care of the solution part; OVRL (an upcoming standard) is supposed to handle it. I feel we should separate the solution part as of now by adding another XML for solution only. The advantage of separation is that we can add superseding information. For example, if App X.X is superseded by X.Y, we can always say upgrade to X.Y instead of X.X, if this information is captured in the solutions metadata.

Thanks,
Chandra.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Jan-Oliver Wagner
Sent: Tuesday, February 07, 2012 3:10 AM
To: [email protected]
Subject: [Openvas-plugins] Breaking up NVT Description

Hello,

I am coming back to a discussion from November about breaking up the description part of the NVTs into sensible elements.

Sebastien Aucouturier made an analysis on the description content and found a number of keywords (see below). The choice should be condensed to a sensible set.

I imagine a solution where the NVTs will break up the description into several tags. The tags can be used by the Manager to assemble better reports (ignoring the old-style description and result block). Scanner would need to make a version check and for <= 5 it should apply traditional description and result and for newer version should only return a result reduced to the very core of result.

The disadvantage of this concept is that until OpenVAS-5 is retired, the meta data in the NVTs are doubled. The advantage is to have a smooth transition.

If we agree quickly on the elements it might be possible to implement a work-around into OpenVAS-5 to already process the new style as soon as it appears in the NVTs. Which could reduce the waiting time to until OpenVAS-4 retires.

Current Keywords in NVTs (Nov 2011):

"""
Overview Synopsis Description Vulnerability Insight Solution Fix Impact Reference[s?] Workaround Example Affected [Ss]oftware(\/OS)? Risk [fF]actor Impact [lL]evel See [aA]lso CVSS Score( Report)? CVSS Base Score N(OTE|ote) Bug Report Change[Ll]og Other bugs fixed Update Information More [Ii]nformation The following package is affected The following versions are affected The following versions are vulnerable Vulnerable systems Immune systems The issue affects the following
"""

My first attempt to condense this (any suggestions and proposals welcome to improve this):

- Overview (the short summary)
- Insight (technical information for experts)
- Affected (what products, services, systems are affected)
- Immune (which are immune)
- Solution (how to fix the problem)

And then "Results" which is what is returned only.

Anything else is meta information. CVSS and risk factor are gone to tags already. References could go to xrefs. Some of the information seems to be redundant as it is available 1:1 in the original CVE reports.

Any opinions, comments welcome!

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
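
The break-up Jan describes, as an added example that is not part of the original thread and not OpenVAS code: Python that splits an old-style description block into the five proposed elements and drops headings that are meta information. The heading-to-element mapping, the choice to treat leading text as the overview, and the sample description are assumptions made for this example.

```python
import re

# Legacy headings (a subset of the Nov 2011 keyword list) mapped to the five
# condensed elements. The mapping is an assumption made for this example.
LEGACY_TO_ELEMENT = {
    r"Overview|Synopsis": "overview",
    r"Vulnerability Insight|Description": "insight",
    r"Affected [Ss]oftware(?:/OS)?|Vulnerable systems": "affected",
    r"Immune systems": "immune",
    r"Solution|Fix": "solution",
}
# Headings that end the previous section but carry meta information only
# (CVSS and risk factor are tags already, references could go to xrefs).
META_HEADINGS = r"Impact [lL]evel|Impact|Risk [fF]actor|CVSS Base Score|References?|See [aA]lso"

_HEADING = re.compile(
    r"^\s*(?P<h>%s|%s)\s*:\s*(?P<rest>.*)$"
    % ("|".join(LEGACY_TO_ELEMENT), META_HEADINGS)
)

def element_for(heading):
    for pattern, element in LEGACY_TO_ELEMENT.items():
        if re.fullmatch(pattern, heading):
            return element
    return None  # a known heading, but meta information

def split_description(text):
    """Return {element: text} for an old-style description block."""
    tags, current = {}, "overview"  # assumption: leading text is the overview
    for line in text.splitlines():
        m = _HEADING.match(line)
        if m:
            current, line = element_for(m.group("h")), m.group("rest")
        if current and line.strip():
            tags[current] = (tags.get(current, "") + " " + line.strip()).strip()
    return tags

# Constructed sample description, not taken from a real NVT.
SAMPLE = """\
Overview: The host runs ExampleApp, which is prone to a buffer overflow.

Vulnerability Insight: The flaw is caused by a missing length check
in the request parser.
Impact Level: Application
Affected Software/OS: ExampleApp 1.0 through 1.4
Fix: Upgrade to ExampleApp 1.5 or later.
Risk factor: High
"""
```

Calling `split_description(SAMPLE)` returns only the overview, insight, affected and solution elements; the impact level and risk factor lines are discarded, and no immune element is produced because the sample has none.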
