I would like to formally welcome you all to our new remediation working
group. This new working group is intended to foster community
discussion on remediation with the ultimate goal of developing a
standardized remediation language.
This working group is starting at the request of the OVAL Board and
several others in the OVAL community. There are now 50 subscribers
representing over 20 organizations on this mailing list. This group
represents a great mix of government, academic, and industry
participants with a vast amount of experience. The diverse
perspectives, backgrounds, and experiences of this group will shape
this new standard.
The first topic we need to address is the scope of this effort. I
suspect that the word remediation comes with a lot of baggage. Below is
a definition of remediation:
Remediation - the act or process of correcting a fault or deficiency.
Let's initially expand this definition to allow for changing the state
of a system. This could include fixing a vulnerability, starting a
service, updating software, or any other item that changes that state
of some system where the state is something that we could check with an
OVAL Definition or similar.
With this definition in mind let's start off by compiling a set of
primary Use Cases. When considering Use Cases it is important to keep
an open mind. This is the best way for us all to understand each
other's needs in this space. We will work together through this mailing
list to develop the set of core use cases for our new effort. Please do
not hesitate to submit Use Cases to this mailing list that may be
specific to your organizational needs or might at first seem too
focused or out of scope. For now, there is no such thing as a bad Use
As Use Cases are submitted we will work to clarify them. Once we have
made significant progress in identifying Use Cases we will compile and
consolidate as appropriate in order to develop the core set of Use
Cases. The core Use Cases will be used to define a set of core
requirements for our new effort.
A session at OVAL Developer Days will be dedicated to the discussion of
remediation. To make the most of this time I hope to have made good
progress in identifying our core Use Cases so that we can work as a
group through requirements for this new effort.
In a separate message I will include some links to past discussions on
this topic for us to review.