Long-term input for benchmark standars/specifications
First, I apologize that many of you will be getting multiple copies of this due to overlap between the lists. However, I wanted to make sure this announcement reached all interested parties.
In cooperation with the ISAP Working Group, MITRE is soliciting input for long-term improvements and planning regarding all aspects of security benchmark specifications and standards. Basically we want to know how you, the users of the security benchmark standards, wish to be served by the security benchmark languages 5-10 years from now and how . For example:
- What sort of problems would you like to be able to solve using the security benchmark standards that they are not addressing today?
- Do you have any concerns about the long-term direction the standards are taking?
- What are some additional use cases towards which you would like to see the standards applied?
- What are the gaps in coverage that you see in the standards?
- What have you liked about your standards experience and where do you think there is room for improvement?
We are looking for ideas that are both long-term and high level. Suggestions about adding a new @foo attribute in the next release of CXE are outside the scope of this survey and should be addressed directly to the relevant standards body. Instead we are looking for input that will help with the long-term navigation of the standards in order to ensure they remain as relevant in 10 years as they are today.