Previous remediation proposal

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Previous remediation proposal

Jon Baker
Administrator
Here is a link to the previous PatchLink proposal for remediation.

http://www.nabble.com/A-discussion-document-for-OVAL-DEV-DAYS-next-week
-td11796741ef24857.html#a11796741

I encourage you all to review this proposal.

Thanks,

Jon

============================================
Jonathan O. Baker
The MITRE Corporation
Email: [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Previous remediation proposal

Ken Lassesen-3
As a general sketch of my thinking...

We should start with known Xml based installation/remediation existing
technologies, for example, for Windows,
* WIX see http://sourceforge.net/projects/wix 

To which we augment any existing Linux/Unix Installer XML and Max
Installer Xml tools. These appear to exist from looking at
http://www.krugle.org/examples/p-G2fyzmSXDroBT4g2/build-installer.xml

The key for this community is
    1) Identify all the installer.xml dialects out there
    2) Identify any that support decomposition of a package (Major
impact for patch Tuesday)
    3) Refactor them into a common language

That should get us started....

-----Original Message-----
From: Baker, Jon [mailto:[hidden email]]
Sent: Friday, March 28, 2008 6:58 AM
To: [hidden email]
Subject: [OVAL-REMEDIATION-DISCUSSION-LIST] Previous remediation
proposal

Here is a link to the previous PatchLink proposal for remediation.

http://www.nabble.com/A-discussion-document-for-OVAL-DEV-DAYS-next-week
-td11796741ef24857.html#a11796741

I encourage you all to review this proposal.

Thanks,

Jon

============================================
Jonathan O. Baker
The MITRE Corporation
Email: [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Previous remediation proposal

Jon Baker
Administrator
Ken,

Thanks for the pointers.

If possible I would like us to consider the problems we are trying to
solve before diving into possible solutions. The best help to us all on
this task might be to describe the problems that you/Lumension have
that you think should be addressed by a standardized remediation
language.

Thanks,

Jon
 
============================================
Jonathan O. Baker
The MITRE Corporation
Email: [hidden email]



>-----Original Message-----
>From: Ken Lassesen [mailto:[hidden email]]
>Sent: Friday, March 28, 2008 10:35 AM
>To: oval-remediation-discussion-list Open Remediation Language Commu
>Subject: Re: [OVAL-REMEDIATION-DISCUSSION-LIST] Previous remediation
>proposal
>
>As a general sketch of my thinking...
>
>We should start with known Xml based installation/remediation existing
>technologies, for example, for Windows,
>* WIX see http://sourceforge.net/projects/wix
>
>To which we augment any existing Linux/Unix Installer XML and Max
>Installer Xml tools. These appear to exist from looking at
>http://www.krugle.org/examples/p-G2fyzmSXDroBT4g2/build-installer.xml
>
>The key for this community is
>    1) Identify all the installer.xml dialects out there
>    2) Identify any that support decomposition of a package (Major
>impact for patch Tuesday)
>    3) Refactor them into a common language
>
>That should get us started....
>
>-----Original Message-----
>From: Baker, Jon [mailto:[hidden email]]
>Sent: Friday, March 28, 2008 6:58 AM
>To: [hidden email]
>Subject: [OVAL-REMEDIATION-DISCUSSION-LIST] Previous remediation
>proposal
>
>Here is a link to the previous PatchLink proposal for remediation.
>
>http://www.nabble.com/A-discussion-document-for-OVAL-DEV-DAYS-next-wee
k

>-td11796741ef24857.html#a11796741
>
>I encourage you all to review this proposal.
>
>Thanks,
>
>Jon
>
>============================================
>Jonathan O. Baker
>The MITRE Corporation
>Email: [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Previous remediation proposal

Robert Hollis
The OVAL community has produced a very elegant object structure to describe
system resources to be assessed in the Vulnerability and Assessment
Language.

I would be thrilled if we could set a goal to re-use that object structure
for the Remediation and Adjustment Language.

This would give current OVAL implementations an easy pathway to adopting the
new remediation language.  Also, as the object structure evolves, it could
evolve for both languages (helping to reduce the impact of evolution).

        -rob


. -----Original Message-----
. From: Baker, Jon [mailto:[hidden email]]
. Sent: Tuesday, April 01, 2008 7:25 PM
. To: [hidden email]
. Subject: Re: [OVAL-REMEDIATION-DISCUSSION-LIST] Previous remediation
. proposal
.
. Ken,
.
. Thanks for the pointers.
.
. If possible I would like us to consider the problems we are trying to
. solve before diving into possible solutions. The best help to us all on
. this task might be to describe the problems that you/Lumension have
. that you think should be addressed by a standardized remediation
. language.
.
. Thanks,
.
. Jon
.
. ============================================
. Jonathan O. Baker
. The MITRE Corporation
. Email: [hidden email]
.
.
.
. >-----Original Message-----
. >From: Ken Lassesen [mailto:[hidden email]]
. >Sent: Friday, March 28, 2008 10:35 AM
. >To: oval-remediation-discussion-list Open Remediation Language Commu
. >Subject: Re: [OVAL-REMEDIATION-DISCUSSION-LIST] Previous remediation
. >proposal
. >
. >As a general sketch of my thinking...
. >
. >We should start with known Xml based installation/remediation existing
. >technologies, for example, for Windows,
. >* WIX see http://sourceforge.net/projects/wix
. >
. >To which we augment any existing Linux/Unix Installer XML and Max
. >Installer Xml tools. These appear to exist from looking at
. >http://www.krugle.org/examples/p-G2fyzmSXDroBT4g2/build-installer.xml
. >
. >The key for this community is
. >    1) Identify all the installer.xml dialects out there
. >    2) Identify any that support decomposition of a package (Major
. >impact for patch Tuesday)
. >    3) Refactor them into a common language
. >
. >That should get us started....
. >
. >-----Original Message-----
. >From: Baker, Jon [mailto:[hidden email]]
. >Sent: Friday, March 28, 2008 6:58 AM
. >To: [hidden email]
. >Subject: [OVAL-REMEDIATION-DISCUSSION-LIST] Previous remediation
. >proposal
. >
. >Here is a link to the previous PatchLink proposal for remediation.
. >
. >http://www.nabble.com/A-discussion-document-for-OVAL-DEV-DAYS-next-wee
. k
. >-td11796741ef24857.html#a11796741
. >
. >I encourage you all to review this proposal.
. >
. >Thanks,
. >
. >Jon
. >
. >============================================
. >Jonathan O. Baker
. >The MITRE Corporation
. >Email: [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Previous remediation proposal

Jon Baker
Administrator
>The OVAL community has produced a very elegant object structure to
>describe
>system resources to be assessed in the Vulnerability and Assessment
>Language.
>
>I would be thrilled if we could set a goal to re-use that object
>structure
>for the Remediation and Adjustment Language.
>
>This would give current OVAL implementations an easy pathway to
adopting
>the
>new remediation language.  Also, as the object structure evolves, it
>could
>evolve for both languages (helping to reduce the impact of evolution).
>

Agree, if possible we should try to leverage existing structures as it
may reduce the burden of supporting this new effort t and OVAL.

Jon