News & EventsMay 7, 2008 MITRE Scheduled to Present "Making Security Measurable" Briefing at 2008 IEEE Conference on the Technologies for Homeland Security on May 12-13 MITRE Principal Engineer Robert A. Martin is scheduled to present a briefing about Making Security Measurable to the 2008 IEEE Conference on Technologies for Homeland Security on May 12-13, 2008 at the Westin Hotel in Waltham, Massachusetts, USA. Visit the CCE Calendar for information on this and other events. Contact cce@mitre.org to have CCE present a briefing or participate in a panel discussion about CCE, CVE, CPE, CWE, CAPEC, CEE, CRF, OVAL, and/or Making Security Measurable at your event. MITRE Scheduled to Present "Making Security Measurable" Briefing and Conduct a Full-Day Tutorial at AusCERT 2008 on May 18-23 MITRE Principal Engineer Robert A. Martin and MITRE Principal INFOSEC Engineer Steven M. Christey are scheduled to present a briefing about Making Security Measurable and conduct a full-day Making Security Measurable tutorial at AusCERT 2008 on May 18-23, 2008 at the Crowne Plaza Royal Pines Resort in Gold Coast, Australia. Visit the CCE Calendar for information on this and other events. MITRE Presents "Making Security Measurable" Briefing at CSI Security Exchange 2008 on April 27 MITRE Principal Engineer Robert A. Martin presented a Making Security Measurable briefing entitled "Architecting Security Measurement and Management for Compliance" at CSI Security Exchange 2008 on April 27, 2008 at Mandalay Bay Convention Center in Las Vegas, Nevada, USA. Visit the CCE Calendar for information on this and other events. MITRE Presents "Making Security Measurable" Briefing at GOVSEC on April 24 MITRE Principal Engineer Robert A. Martin presented a Making Security Measurable briefing entitled "Architecting Your IT Security Standards to Secure your Enterprise" at GOVSEC on April 24, 2008 at Walter E. Washington Convention Center in Washington, D.C., USA. Visit the CCE Calendar for information on this and other events. April 16, 2008 MITRE Hosts "Making Security Measurable" Booth at RSA 2008, April 7-11 MITRE hosted a Making Security Measurable exhibitor booth at RSA 2008 on April 7-11, 2008 at the Moscone Center in San Francisco, California, USA. The conference exposed the CCE, CVE, CME, CPE, CWE, CAPEC, CEE, CRF, OVAL, and Making Security Measurable efforts to information security professionals from government and industry. Visit the CCE Calendar for information on this and other events. March 20, 2008 CCE Mentioned in Government Computer News Article about SCAP CCE was mentioned in a March 3, 2008 article entitled "SCAP narrows security gap" in Government Computer News. The main topic of the article is the U.S. National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol (SCAP) program, which is "a suite of tools to help automate vulnerability management and evaluate compliance with federal information technology security requirements." CCE is mentioned as one of the six SCAP includes: "Common Configuration Enumeration from Mitre, standard identifiers and dictionary for system security configuration issues." The author also notes the other standards are Common Vulnerabilities and Exposures (CVE), a dictionary of standard identifiers for security vulnerabilities related to software flaws; Open Vulnerability and Assessment Language (OVAL), a standard XML for security testing procedures and reporting; Common Configuration Enumeration (CCE), standard identifiers and a dictionary for system security configuration issues; and Common Platform Enumeration (CPE); Extensible Configuration Checklist Description Format (XCCDF), a standard for specifying checklists and reporting results; and Common Vulnerability Scoring System (CVSS). MITRE to Host "Making Security Measurable" Booth at RSA 2008, April 7-11 MITRE is scheduled to host a Making Security Measurable exhibitor booth at RSA 2008 on April 7-11, 2008 at the Moscone Center in San Francisco, California, USA. The conference will expose the CCE, CVE, CME, CPE, CWE, CAPEC, CEE, CRF, OVAL, and Making Security Measurable efforts to information security professionals from government and industry. Visit the CCE Calendar for information on this and other events. MITRE Presents "Making Security Measurable" Briefing at SEPG North America 2008 on March 18 MITRE Principal Engineer Robert A. Martin presented a Making Security Measurable briefing entitled "Architecting Security for Enterprise Process Improvement" at SEPG North America 2008 on March 18, 2008 at the Tampa Convention Center in Tampa, Florida, USA. Visit the CCE Calendar for information on this and other events. Contact cce@mitre.org to have CCE present a briefing or participate in a panel discussion about CCE, CVE, CPE, CWE, CAPEC, CEE, CRF, OVAL, and/or Making Security Measurable at your event. MITRE Hosts "Making Security Measurable" Booth at InfoSec World 2008, March 10-11 MITRE hosted a Making Security Measurable exhibitor booth at InfoSec World Conference & Expo 2008 on March 10-11, 2008 at the Rosen Shingle Creek Resort in Orlando, Florida, USA. The conference exposed the CCE, CVE, CPE, CWE, CAPEC, CEE, CRF, OVAL, and Making Security Measurable efforts to information security professionals from government and industry. Visit the CCE Calendar for information on this and other events. March 5, 2008 CCE Version 5 Now Available Version 5 of CEE has been posted on the CCE List page. In Version 5 CCE Identifiers (CCE-IDs) are assigned according to platform groups. Many issues with a single CCE-ID in Version 4.2 are assigned multiple CCE-IDs in Version 5, one for each applicable platform group. Platform groups for Version 5 include: Windows Vista, Windows XP, Windows 2000, Windows Server 2008, Windows Server 2003, Office 2007, Internet Explorer 7, Red Hat Enterprise Linux 5, and Sun Solaris 10. Please send feedback on CCE to cce@mitre.org. February 14, 2008 MITRE Scheduled to Host "Making Security Measurable" Booth at InfoSec World 2008, March 10-11 MITRE is scheduled to host a Making Security Measurable exhibitor booth at InfoSec World Conference & Expo 2008 on March 10-11, 2008 at the Rosen Shingle Creek Resort in Orlando, Florida, USA. The conference will expose the CCE, CVE, CME, CPE, CWE, CAPEC, CEE, CRF, OVAL, and/or Making Security Measurable efforts to information security professionals from government and industry. Visit the CCE Calendar for information on this and other events. February 1, 2008 MITRE Hosts "Making Security Measurable" Booth at 2008 Information Assurance Workshop, January 28 - February 1 MITRE hosted a Making Security Measurable exhibitor booth at the 2008 Information Assurance Workshop on January 28 - February 1, 2008 at the Philadelphia Marriott Downtown in Philadelphia, Pennsylvania, USA. The conference exposed the CCE, CVE, CME, CPE, CWE, CAPEC, CEE, CRF, OVAL, and/or Making Security Measurable efforts to information security professionals from government and industry. Visit the CCE Calendar for information on this and other events. January 3, 2008 MITRE Announces Initial "Making Security Measurable" Calendar of Events for 2008 MITRE has announced its initial Making Security Measurable calendar of events for the first half of 2008. Details regarding MITRE’s scheduled participation at these events are noted on the CCE Calendar page. Each listing includes the event name with URL, date of the event, location, and a description of our activity at the event.
Other events will be added throughout the year. Visit the CCE Calendar for information or contact cce@mitre.org to have CCE present a briefing or participate in a panel discussion about CCE, CVE, CME, CPE, CWE, CAPEC, CEE, CRF, OVAL, and/or Making Security Measurable at your event. December 14, 2007 CCE List, Version 4.1 Now Available Version 4.1 of the CCE List is now available. The updated list contains new CCE Identifiers (CCE-IDs) created primarily for the U.S. National Institute of Standards and Technology’s Security Content Automation Protocol (SCAP) content for the Federal Desktop Core Configuration (FDCC) for Microsoft Vista, and for the 2007 Microsoft Office Security Guide released by Microsoft on November 11, 2007. References for these two sources will be added at a later date. In addition, Version 5.0 of CCE List is in Draft Stage and posted for review in the Upcoming Version section of the CCE List page. Many of the configuration issues with a single CCE-ID in Version 4 will have multiple CCE-IDs in Version 5, one for each applicable platform group. Please send feedback on the current and/or upcoming versions of CCE to cce@mitre.org. December 6, 2007 CCE Version 5.0 in Draft Stage Version 5.0 of the CCE List is currently in the Draft stage. In Version 5 CCE Identifiers (CCE-IDs) will be assigned according to platform groups, which will allow CCE-IDs to be organized and created more efficiently. Many of the issues that are assigned a single CCE-ID in Version 4 will be assigned multiple CCE-IDs in Version 5, one for each applicable platform group. The platform groups for Version 5 include "Windows Vista," "Windows XP," "Windows 2000," "Windows Server," "Internet Explorer 7," and "Office 2007." MITRE will provide a clear migration plan for replacing Version 4.0 CCE-IDs with Version 5.0 CCE-IDs when Version 5 is finalized. Version 4.0 remains the official version of the CCE List. MITRE to Host "Making Security Measurable" Booth at 2008 Information Assurance Workshop, January 28 - February 1 MITRE is scheduled to host a Making Security Measurable exhibitor booth at the 2008 Information Assurance Workshop on January 28 - February 1, 2008 at the Philadelphia Marriott Downtown in Philadelphia, Pennsylvania, USA. The conference will expose the CCE, CVE,
CPE, CME,
CAPEC, CWE,
OVAL, and Making
Security Measurable efforts to information security professionals
from government and industry. Visit the CCE
Calendar for information on this and other events. |
||||
