[TECH] CVE and IDS
All:

Recently, an IDS mailing list included a discussion of CVE's application to IDS systems (see http://msgs.securepoint.com/ids/). An Editorial Board member also requested a status update, so it seems like a good time to let people know that we haven't forgotten about this.

Many types of intrusion events do not map well to vulnerabilities or exposures - consider ping mapping, packets with weird options, Trojan Horse traffic, etc. There is a clear need for a naming standard to support them. Many people believe that CVE is already going to do this, but nothing has been really decided yet.

If you participated in the March Editorial Board meeting or read the summary, then you know that participants expressed the desire to extend CVE to include such items, but they agreed that it was best to focus on vulnerabilities at this time.

There are some significant issues that need to be identified and addressed if the CVE Initiative is to support naming IDS events. Bill Hill, Dave Baker, Margie Zuk, and I have been investigating these larger issues internally. We will continue to explore the issues, and we will discuss our results with the Editorial Board at the face-to-face meeting in Denver on August 14-15.

Currently, we are concentrating mostly on reaching 1000 entries and resolving content decisions (with your help!), catching up on recently announced security problems, and getting the new web site in place. As the IDS discussions are likely to be lengthy and controversial, it would not be optimal for us to pursue a full-fledged exploration of CVE-and-IDS issues with the Board until the August meeting.

- Steve