Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
Network Security
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical FW: CVE-Announce e-newsletter/March 16, 2004

  • From: Howell, Paul
  • Date: Tue Mar 16 15:51:00 2004 

-----Original Message-----
From: owner-cve-announce-list@lists.mitre.org
[mailto:owner-cve-announce-list@lists.mitre.org] On Behalf Of cve@mitre.org
Sent: Tuesday, March 16, 2004 3:00 PM
To: cve-announce-list@lists.mitre.org
Subject: CVE-Announce e-newsletter/March 16, 2004


Welcome to the latest edition of the CVE-Announce e-newsletter. This email
newsletter is designed to bring recent news about CVE, such as new versions,
upcoming conferences, new Web site features, etc. right to your emailbox.
Common Vulnerabilities and Exposures (CVE) is a list or dictionary that
provides common names for publicly known information security
vulnerabilities and exposures. CVE content results from the collaborative
efforts of the CVE Editorial Board, which is comprised of leading
representatives from the information security community. Details on
subscribing (and unsubscribing) to the email newsletter are at the end.

Comments: cve@mitre.org

-------------------------------------------------------
CVE-Announce e-newsletter/March 16, 2004
-------------------------------------------------------

FEATURE STORY:

MITRE Presents CVE Compatibility Certificates in Awards Ceremony at "RSA
Conference 2004"

MITRE held an awards ceremony on Tuesday evening, February 24th at "RSA
Conference 2004," in San Francisco, California, USA, to present
"Certificates of CVE Compatibility" to the 10 organizations that have
achieved the final phase of MITRE's formal CVE Compatibility Process and
whose 14 information security products or services are now officially
"CVE-compatible."

Organizations participating in the ceremony included Foundstone, Inc.,
Harris Corporation, MITRE Corporation, Qualys, Inc., SAINT Corporation,
Sintelli Limited, and Software in the Public Interest, Inc. Organizations
receiving certificates but unable to participate in the ceremony were
Alliance Qualité Logiciel, Kingnet Security, Inc., and Red Hat, Inc.

For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services pages.


LINKS:

CVE Compatibility Process - http://cve.mitre.org/compatible/process.html

CVE-Compatible Products and Services - http://cve.mitre.org/compatible/


-------------------------------------------------------------
HOT TOPIC:

14 Information Security Products/Services Are Now Registered as Officially
"CVE-Compatible"

Fourteen information security products and services from ten organizations
have achieved the final stage of MITRE's formal CVE Compatibility Process
and are now officially "CVE-compatible." Each product is now eligible to use
the CVE-Compatible Product/Service logo, and their completed and reviewed
"CVE Compatibility Requirements Evaluation" questionnaires are posted as
part of their product listings on the CVE-Compatible Products and Services
page on the CVE Web site.

The following products are now registered as officially "CVE-Compatible":

  * Alliance Qualité Logiciel - Vigil@nceAQL (Vulnerability Database)

  * Foundstone, Inc. - Foundstone Enterprise 3.0 (Vulnerability
    Management System)

  * Harris Corporation - STAT Scanner

  * Kingnet Security, Inc. - Kingnet Intrusion Detection System

  * MITRE Corporation - Open Vulnerability Assessment Language (OVAL) Web
Site

  * Qualys, Inc. - QualysGuard Consultant, QualysGuard Enterprise,
    QualysGuard Express, and QualysGuard MSP

  * Red Hat, Inc. - Red Hat Security Advisories

  * SAINT Corporation - SAINT (Security Administrator's Integrated
    Network Tool)

  * Sintelli Limited - Sintelli Alert! (Vulnerability Alert Service)
    and Sintelli Vulnerability Database Web Site

  * Software in the Public Interest, Inc. - Debian Security Advisories

Use of the official CVE-Compatible logo by these organizations will allow
system administrators and other security professionals to look for the logo
when adopting vulnerability management products and services for their
enterprises. The compatibility process questionnaires will help end-users
compare how different products satisfy the CVE compatibility requirements,
and therefore which specific implementations are best for their networks and
systems.

For additional information about CVE compatibility and to review all
products and services listed, visit the CVE Compatibility Process and
CVE-Compatible Products and Services pages.


LINKS:

CVE Compatibility Process - http://cve.mitre.org/compatible/process.html

CVE-Compatible Products and Services - http://cve.mitre.org/compatible/


-------------------------------------------------------------
UPCOMING EVENTS:

March 22-24, 2004
"MISTI's InfoSec World Conference and Expo/2004," Orlando, Florida, --CVE
booth and companies with CVE-compatible products also exhibiting

June 6-9, 2004
"Sixth Annual International Techno-Security Conference," Myrtle Beach, South
Carolina, USA --CVE booth and companies with CVE-compatible products also
exhibiting


Visit the CVE Calendar page for conference URLs and more upcoming events at
http://cve.mitre.org/news/calendar.html


-------------------------------------------------------------
Also in this issue:

* Foundstone, Inc. Issues Press Release Announcing Full CVE Compliance
  and Receipt of "Certificate of CVE Compatibility"

* Harris Corporation Issues Press Release Announcing STAT Scanner's
  Recognition for CVE Compatibility

* Qualys, Inc. Issues Media Advisory Announcing Receipt of Four
  Certificates of CVE Compatibility

* SAINT Corporation Issues Press Release Announcing Receipt of
  "Certificate of CVE Compatibility" for its SAINT Tool

* Symantec Corporation Makes CVE Compatibility Declaration for
  "Symantec Client Security"

* NileSOFT Ltd. Makes CVE Compatibility Declaration for "Secuguard
  System Security Explorer" and "Secuguard Network Security Explorer"

* Symantec Corporation Makes CVE Compatibility Declarations for
  "Symantec Vulnerability Assessment" and "Symantec iForce IDS
  Appliance"

* Computer Associates International, Inc. Makes CVE Compatibility
  Declaration for "eTrust Vulnerability Manager" and "eTrust Policy
  Compliance"

* Symantec Corporation Makes CVE Compatibility Declaration for
  "DeepSight Alert Services"

* Application Security, Inc. Makes CVE Compatibility Declaration for
  "AppDetective for Web Applications" and "AppRadar for Microsoft SQL
  Server"

* NetScreen Technologies, Inc. Makes CVE Compatibility Declaration for
  "NetScreen-IDP 10," "NetScreen-IDP 500, " and "NetScreen-IDP 1000"

* InteractNetworks, Inc. Makes CVE Compatibility Declaration for
  "Lockdown Vulnerability Management Appliance (Lockdown VMA)"

* CVE Included in "InfoWorld" Article about Checking Your OS for
  Vulnerabilities

* MITRE Hosts CVE/OVAL Booth at "RSA Conference 2004," February 23rd-27th

* MITRE Hosts CVE/OVAL Booth at "2004 Information Assurance Workshop,"
  February 2nd-4th


Read these stories and more news at http://cve.mitre.org/news


---------------------------------------------------------------
Subscribe to "CVE-Data-Update" for Technical Updates

Intended for technical users of CVE such as vulnerability database
maintainers or those who require timely notification of new candidates, the
"CVE-Data-Update" e-newsletter provides subscribers with reports of new CVE
entries and/or candidates and other detailed technical information regarding
CVE. Subscribe now at http://cve.mitre.org/signup/register.html.


---------------------------------------------------------------
Details + Credits

Managing Editor: Steve Christey, Information Security Technical Center.
Writer: Bob Roberge, Corporate Communications. The MITRE Corporation
(www.mitre.org) maintains CVE and provides impartial technical guidance to
the CVE Editorial Board on all matters related to ongoing development of
CVE.

To unsubscribe from the CVE-Announce e-newsletter, open a new email message
and copy the following text to the BODY of the message "SIGNOFF
CVE-Announce-list", then send the message to: listserv@lists.mitre.org. To
subscribe, send an email message to listserv@lists.mitre.org with the
following text in the BODY of the
message: "SUBSCRIBE CVE-Announce-List".

Copyright 2004, The MITRE Corporation. CVE and the CVE logo are registered
trademarks of The MITRE Corporation.

For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cve@mitre.org.

------------------------------------------------------------------------
To unsubscribe from netsec, send mail to majordomo@merit.edu
with a body consisting of the words "unsubscribe netsec" --
without the quotes. For more help, send a message to majordomo@merit.edu
with the word "help" as the body.
------------------------------------------------------------------------


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.