, 2007 4:38 PM
To: Secure Coding
Subject: Re: [SC-L] The Next Frontier
On 6/26/07 5:00 PM, "McGovern, James F (HTSC, IT)"
<[EMAIL PROTECTED]> wrote:
Would there be value in terms of defining an XML schema that all tools
could emit audit information to?
You might want to take a
SCAP deals with finding known vulnerabilities or configuration problems on
live networks, not the results of an ad hoc analysis of a single software
package. NIST's SAMATE project might have exchange formats on a to-do
list somewhere, but I'm not deeply involved in that project except as it
relat
At 4:38 PM -0400 6/27/07, Paco Hope wrote:
> On 6/26/07 5:00 PM, "McGovern, James F (HTSC, IT)" <[EMAIL PROTECTED]> wrote:
>
> Would there be value in terms of defining an XML schema that all tools could
> emit audit information to?
>
> You might want to take a look at what the Fortify guys alre
On 6/26/07 5:00 PM, "McGovern, James F (HTSC, IT)" <[EMAIL PROTECTED]> wrote:
Would there be value in terms of defining an XML schema that all tools could
emit audit information to?
You might want to take a look at what the Fortify guys already do. Their "FVDL"
(Fortify Vulnerability Descriptio