Re: [Openvas-discuss] Informations CVE, OID, OVAL

2015-07-14 Thread Jan-Oliver Wagner
On Sunday, 5 July 2015, Jonathan Rey wrote:
> I would like to know if it's possible to have more information about the OID
> structure. Is it possible to obtain the whole structure about this page?
> http://www.openvas.org/openvas-oids.html

That page describes the current OID idea.

> I need to do some comparison and matching with CVE. For me, CVE is the
> reference for all vulnerabilities but it is not always present in your
> reports. In your analysis reports, I saw that one OID reference is always
> present. From that I guess it's for referencing the vulnerability internally
> and probably matching with OVAL. I found this page
> http://www.openvas.org/openvas-cr-13.html to have a matching OVAL! But I
> don't understand it clearly at the moment. Can you help me with how I can match
> the reference between OID and OVAL? Because OVAL also uses the CVE reference.

OVAL, CVE and NVTs each have their own ID scheme.

CVE-only as reference will never work for a comprehensive up-to-date
vulnerability scanner.
There will always be vulnerability tests not (yet) associated with a CVE.

I recently played with the idea of mapping all CVE IDs into our OID scheme, but
there must be a clear benefit in practice to do so.

I assume that we might refine our long-neglected OID scheme with the upcoming
OSP 2.


-- 
Dr. Jan-Oliver Wagner |  +49-541-335084-0  |  http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Managing directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss


[Openvas-discuss] Informations CVE, OID, OVAL

2015-07-06 Thread Jonathan Rey
Hello,

I would like to know if it's possible to have more information about the OID
structure. Is it possible to obtain the whole structure about this page?
http://www.openvas.org/openvas-oids.html

I need to do some comparison and matching with CVE. For me, CVE is the
reference for all vulnerabilities but it is not always present in your
reports. In your analysis reports, I saw that one OID reference is always
present. From that I guess it's for referencing the vulnerability internally
and probably matching with OVAL. I found this page
http://www.openvas.org/openvas-cr-13.html to have a matching OVAL! But I
don't understand it clearly at the moment. Can you help me with how I can match
the reference between OID and OVAL? Because OVAL also uses the CVE reference.

Best regards,

Jonathan Rey

