|
|||||
 |
 |
||||
| CCE Website is in "Archive" status — read the announcement | |||||
News & Events — 2012 ArchiveSeptember 28, 2012 Meeting Minutes from Security Automation Developer Days 2012 Now Available Meeting minutes from the Security Automation Developer Days 2012 conference held on July 9-13, 2012 at MITRE Corporation in Bedford, Massachusetts, USA are now available on the Making Security Measurable Web site, and includes those from the CCE-focused session. CCE/Making Security Measurable Booth at IT Security Automation Conference 2012 CCE/Making Security Measurable booth at IT Security Automation Conference 2012 on October 3-5, 2012 at Baltimore Convention Center in Baltimore Inner Harbor, Maryland, USA. Visit the OVAL Calendar for information on this and other events. MITRE Hosts CCE/Making Security Measurable Booth at 2012 Information Assurance Expo MITRE will host a CCE/Making Security Measurable booth at 2012 Information Assurance Expo on August 27-30, 2012 at Gaylord Opryland Resort and Convention Center in Nashville, Tennessee, USA. Attendees learned how information security data standards such as CVE®, CCE™, CPE™, CWE™, CWSS™, CAPEC™, MAEC™, CybOX™, STIX™, CEE™, OVAL®, etc., facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures. Visit the CCE Calendar for information on this and other events. August 1, 2012 MITRE Hosts CCE/Making Security Measurable Booth at Black Hat Briefings 2012 MITRE hosted a CCE/Making Security Measurable booth at Black Hat Briefings 2012 on July 25-26, 2012 at Caesars Palace Las Vegas in Las Vegas, Nevada, USA. Attendees learned how information security data standards such as CVE®, CCE™, CPE™, CWE™, CWSS™, CAPEC™, MAEC™, CybOX™, CEE™, OVAL®, etc., facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures. Visit the CCE Calendar for information on this and other events. CCE Briefing Slides from Security Automation Developer Days 2012 Now Available Briefing presentation slides from the CCE-focused session at the Security Automation Developer Days 2012 conference on July 9-13, 2012 at MITRE in Bedford, Massachusetts, USA are now available for download on the Events and Participation page on the Making Security Measurable Web site. Briefing slides from the 21 other presentations at the event are also included. July 2, 2012 MITRE to Host CCE/Making Security Measurable Booth at Black Hat Briefings 2012 MITRE will host a CCE/Making Security Measurable booth at Black Hat Briefings 2012 on July 25-26, 2012 at Caesars Palace Las Vegas in Las Vegas, Nevada, USA. Please visit us at Booth 216 and say hello! Visit the CCE Calendar for information on this and other events. June 19, 2012 Registration Now Closed for MITRE’s Security Automation Developer Days 2012 on July 9-13 Registration is now closed for MITRE’s free Security Automation Developer Days 2012 conference scheduled for July 9-13, 2012 at MITRE in Bedford, Massachusetts, USA. For the event agenda, lodging, and other conference details please visit the conference details page. June 4, 2012 Agenda Now Available for MITRE’s Security Automation Developer Days 2012 on July 9-13 The agenda for MITRE’s free Security Automation Developer Days 2012 conference scheduled for July 9-13, 2012 at MITRE in Bedford, Massachusetts, USA is now available at https://register.mitre.org/devdays/agenda.pdf. For registration, lodging, and other conference details visit the conference registration page. Please note that registration will close on June 15. May 24, 2012 CCE List Content Updated CCE Version 5.20120521 is now available on the CCE List page. There are now 11,215 total CCE entries in the CCE List. A report is available that that provides more details on the changes between Version 5.20120314 and Version 5.20120521. Changes for Version 5.20120521 include: 364 total new entries added, the first release of a CCE list for Polycom HDX 3.X with 361 entries, and 3 new entries for Microsoft Windows 7. Future updates will be noted here and on the CCE Working Group email discussion list. Please send any comments or concerns to cce@mitre.org. May 11, 2012 "CCE Submissions" Page Added to CCE List Section A CCE Submissions page has been added to the CCE List section of the CCE Web site to assist CCE content providers who are preparing to submit content to the CCE effort. The new page includes information and downloads for the CCE Submission Template and CCE Schema, as well as links to other helpful resources for content submissions. Registration Now Open for Security Automation Developer Days 2012 on July 9-13 MITRE Corporation will host the fourth Security Automation Developer Days conference on July 9-13, 2012, at MITRE in Bedford, Massachusetts, USA. This five-day conference is technical in nature and will focus on the U.S. National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol (SCAP). The purpose of the event is for the community to discuss SCAP — and those existing standards upon which it is based including Common Configuration Enumeration (CCE™), Common Platform Enumeration (CPE™), Open Vulnerability and Assessment Language (OVAL®), Extensible Configuration Checklist Description Format (XCCDF) — in technical detail and to derive solutions that benefit all concerned parties. All current and emerging SCAP standards are addressed at this workshop. MITRE first hosted Developer Days in 2005 and has been running them annually ever since. The model for these technical exchanges has since been adopted as the format used by the Security Automation community. An agenda will be available soon. For registration, lodging, and other conference details, please visit: https://register.mitre.org/devdays/. April 5, 2012 MITRE Hosts CCE/Making Security Measurable Booth at InfoSec World 2012 MITRE hosted a CCE/Making Security Measurable booth at InfoSec World Conference & Expo 2012 at Disney’s Contemporary Resort in Orlando, Florida, USA, on April 2-4, 2012. Attendees learned how information security data standards such as CCE, CPE, CVE, CybOX, CAPEC, MAEC, CWE, CEE, OVAL, etc., facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures. Visit the CCE Calendar for information on this and other events. March 27, 2012 MITRE to Host CCE/Making Security Measurable Booth at InfoSec World 2012, April 2-4 MITRE will host a CCE/Making Security Measurable booth at InfoSec World Conference & Expo 2012 at Disney’s Contemporary Resort in Orlando, Florida, USA, on April 2-4, 2012. Attendees will learn how information security data standards such as CCE, CPE, CVE, CybOX, CAPEC, MAEC, CWE, CEE, OVAL, etc., facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures. Members of the CCE Team will be in attendance. Please stop by Booth 513 and say hello! Visit the CCE Calendar for information on this and other events. March 16, 2012 CCE List Content Updated CCE Version 5.20120314 is now available on the CCE List page. There are now 10,851 total CCE entries in the CCE List. A report is available that that provides more details on the changes between Version 5.20111130 and Version 5.20120314. Changes for Version 5.20120314 include: 180 total new entries added; the first release of CCE lists for Microsoft Exchange 2007 with 66 entries and Microsoft Exchange 2010 with 76 entries; 8 new entries for Microsoft Internet Explorer 7; 9 new entries for Microsoft Windows XP; 19 new entries for Microsoft Windows Vista; 2 new entries for Microsoft Windows 7; and formatting updates for Oracle WebLogic Server 11g. Future updates will be noted here and on the CCE Working Group email discussion list. Please send any comments or concerns to cce@mitre.org. March 9, 2012 CCE Mentioned in Article about Updates to Guidelines for Adopting and Using Security Content Automation Protocol (SCAP) on GCN CCE is mentioned in a January 9, 2012 article entitled "Getting the most out of automated IT security management" on Government Computer News.com. The main topic of the article is the National Institute of Standards and Technology (NIST) updating its guidelines for using Security Content Automation Protocol (SCAP) "for checking and validating security settings on IT systems" by releasing "Special Publication 800-117, Guide to Adopting and Using the Security Content Automation Protocol Version 1.2, Revision 1." CCE is mentioned when the author explains how SCAP combines several existing community standards created and maintained by several different organizations "including MITRE Corp., the National Security Agency, and the Forum for Incident Response and Security Teams", and that the "specifications making up SCAP are divided into languages, reporting formats, enumerations, measurement and scoring systems, and integrity protection." The author then lists the 11 SCAP components, with CCE included under Enumerations. The other MITRE initiatives listed are Common Vulnerabilities and Exposures (CVE) and Common Platform Enumeration (CPE), also under Enumerations, and under Languages, Open Vulnerability and Assessment Language (OVAL). The article concludes with a summary of the updates to the guidelines. Photos of CCE/Making Security Measurable Booth at RSA 2012 MITRE hosted a CCE/Making Security Measurable booth at RSA Conference 2012 at the Moscone Center in San Francisco, California, USA, on February 27 – March 2, 2012. Attendees learned how information security data standards such as CCE, CPE, CVE, CybOX, CAPEC, CWE, CWSS, MAEC, CEE, OVAL, etc., facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures. Making Security Measurable booth photos:
Visit the CCE Calendar for information on this and other events. February 8, 2012 CCE/Making Security Measurable Booth at RSA 2012, February 27 – March 2 MITRE is scheduled to host a CCE/Making Security Measurable booth at RSA Conference 2012 at the Moscone Center in San Francisco, California, USA, on February 27 – March 2, 2012. Attendees will learn how information security data standards such as CCE, CPE, CVE, CybOX, CAPEC, CWE, CWSS, MAEC, CEE, OVAL, etc., facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures. Members of the CCE Team will be in attendance. Please stop by Booth 2617 and say hello! Visit the CCE Calendar for information on this and other events. January 4, 2012 XML File for CCE Release 5.20111130 Updated A new XML download for CCE Version 5.20111130 is now available on the CCE List page, which corrects errors in the file released on December 1, 2011. The previous XML file did not contain resource information due to an issue with our conversion process. This new file restores the metadata about each resource currently cited in the CCE List. Please note that this is not a new release of the CCE List. It is a corrected XML representation of the canonical CCE spreadsheet for version 5.20111130. All CCE entries remain the same. Future updates will be noted here and on the CCE Working Group email discussion list. Please send any comments or concerns to cce@mitre.org. MITRE Announces Initial "Making Security Measurable" Calendar of Events for 2012 MITRE has announced its initial Making Security Measurable calendar of events for 2012. Details regarding MITRE’s scheduled participation at these events are noted on the CCE Calendar page. Each listing includes the event name with URL, date of the event, location, and a description of our activity at the event.
Other events may be added throughout the year. Visit the CCE Calendar for information or contact cce@mitre.org to have MITRE present a briefing or participate in a panel discussion about CCE, CVE, CPE, CAPEC, CybOX, CWE, MAEC, CEE, OVAL, Software Assurance, and/or Making Security Measurable at your event. |
||||
