As mentioned in the U.S. "INTERNATIONAL STRATEGY FOR CYBERSPACE"[1] document, we need "interoperable and secure technical standards, determined by technical experts".
I would like to introduce my vision of "Software Vulnerability Mitigation Automation" via IVIL v1.0 via an (incomplete) Conceptual Map.
Requirements: ~15 minutes of your time, a headset and the Boléro
https://corevidence.com/research/vulnerability_interoperability_ivil_v1.jpg
(I extracted some links, please see below)
i = x2ivil + ivil2x
where "i" is interoperability and "x" a software (vulnerability scanner, ... + WAF, virtual patching system, ...)
What do you think?
Thank you.
Best regards,
Jerome Athias - NETpeas
VP, Director of Software Engineer
Palo Alto - Paris - Casablanca
http://www.netpeas.com
"The computer security is an art form. It's the ultimate martial art."
[1] http://www.whitehouse.gov/blog/2011/05/16/launching-us-international-strategy-cyberspace
IVIL-XML http://www.cupfighter.net/index.php/2010/10/ivil-an-xml-schema-to-exchange-vulnerability-information/
ThreadFix http://code.google.com/p/threadfix/
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set