Security Automation Developer Days: Summer 2012 at MITRE in Bedford, MA

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Security Automation Developer Days: Summer 2012 at MITRE in Bedford, MA

Boczenowski, Steve

Save the Date: week of July 9, 2012

 

This year’s MITRE-hosted Security Automation Developer Days event will be held during the week of July 9, 2012 at MITRE’s facility in Bedford, MA.

 

Details to follow.

 

Regards,

    Steve

 

______________________________________________

Stephen P. Boczenowski

      The MITRE Corporation

      Office: (781) 271-7682

      Cell: (978) 302-3849

      [hidden email]

 

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: Security Automation Developer Days: Summer 2012 at MITRE in Bedford, MA

Frank Lindsay Acker
Steve....

Has there been any additional information regarding this event?

Thanks,
Frank Acker

From: Boczenowski, Steve [[hidden email]]
Sent: Tuesday, March 20, 2012 16:38
To: [hidden email]
Subject: [OVAL-DEVELOPER-LIST] Security Automation Developer Days: Summer 2012 at MITRE in Bedford, MA

Save the Date: week of July 9, 2012

 

This year’s MITRE-hosted Security Automation Developer Days event will be held during the week of July 9, 2012 at MITRE’s facility in Bedford, MA.

 

Details to follow.

 

Regards,

    Steve

 

______________________________________________

Stephen P. Boczenowski

      The MITRE Corporation

      Office: (781) 271-7682

      Cell: (978) 302-3849

      [hidden email]

 

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: Security Automation Developer Days: Summer 2012 at MITRE in Bedford, MA

Boczenowski, Steve

Frank;

 

We hope to have the registration site up next week.  The event will be during the week of July 9 – starting Monday at 10:00 AM and ending on Friday at 12:00.

 

Meanwhile, we are working on the agenda and are currently considering this list of topics:

 

CCE

CPE/SWID

CEE

XCCDF

OVAL

ASR

Enterprise OCIL

CybOX/MAEC

Federated Content Repository Spec

Endpoint Reporting for Continuous Monitoring and Compliance (ERCC)

MILE

TAXII

IF-M for SCAP

IF-MAP

SCAP Releases

SCAP and IETF

NETCONF and SCAP

 

Steve

 

From: Frank Lindsay Acker [mailto:[hidden email]]
Sent: Tuesday, May 01, 2012 9:32 AM
To: oval-developer-list OVAL Developer List/Closed Public Discussion
Subject: Re: [OVAL-DEVELOPER-LIST] Security Automation Developer Days: Summer 2012 at MITRE in Bedford, MA

 

Steve....

Has there been any additional information regarding this event?

Thanks,
Frank Acker


From: Boczenowski, Steve [[hidden email]]
Sent: Tuesday, March 20, 2012 16:38
To: [hidden email]
Subject: [OVAL-DEVELOPER-LIST] Security Automation Developer Days: Summer 2012 at MITRE in Bedford, MA

Save the Date: week of July 9, 2012

 

This year’s MITRE-hosted Security Automation Developer Days event will be held during the week of July 9, 2012 at MITRE’s facility in Bedford, MA.

 

Details to follow.

 

Regards,

    Steve

 

______________________________________________

Stephen P. Boczenowski

      The MITRE Corporation

      Office: (781) 271-7682

      Cell: (978) 302-3849

      [hidden email]

 

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: Security Automation Developer Days: Summer 2012 at MITRE in Bedford, MA

Kent Landfield
All,

I would like to discuss the format for the SCAP Developer Days that seems to be listed below.

I see this appears to follow a path we have discussed in the past as the way not to hold a Dev Days event.  We have been trying to get away from 'Death by Powerpoint' and back to the type of event we held years ago when we were highly productive.  In the past we had a topic to be discussed and a time box to work within.  That allowed us to have very active brainstorming sessions in a high bandwidth environment.

At past Summer events we have got into a pattern of lots of powerpoint, lots of status of the efforts and very little discussion about things that need active discussions.  We need to keep moving forward and making progress as an effort. We can get status from various places such as the lists, a presentation being sent out in advance, a webinar if it is felt there will be questions and answers from those that are new to the efforts.  We have a limited amount of time and all who are attending are investing a great deal of time and money to be there.  We should not  be spending a great deal of time reeducating everyone when we could be focused on advancing needed efforts.

The type of approach to a Dev Days event was discussed at the last Summer Dev Days.  I have seen the following work quite well in other efforts.
  1. Presentations are sent out to the attendees and the lists a week in advance.
  2. Status for any effort is limited to 30 minutes
  3. Focused brainstorming time should be established for certain areas that need real work by the community
  4. Efforts to be discussed should be based on needs of the security automation space to move existing efforts to completion.
For example:

Continuous monitoring is a major direction the efforts are becoming involved with. There are going to be things we need to do as a security automation community to be able to accomplish what is listed in the CAESARS FE.  There are interfaces that need to be worked and established.  That is one area that is not listed below.  CM will have a major impact on all of us in the next couple years and it is being ignored.  We can't keep trying to solve what has already been solved.  We need to address the needed interface development now. This is an effort that could take nearly a whole day by itself.

Operationally we have a real need to be able to deliver SCAP content internally within an organization. Today the SCAP vendors cannot share a single local site security policy (XCCDF + OVAL + CPE +…) without the site staff having to go to each of the individual products and figuring out how to inject that new or updated policy into that products delivery mechanisms.  That is limiting sites from wanting to buy multiple focused SCAP products since they are such a pain to manage from a content perspective.  It is easier to buy from one vendor that has a single means for distributing content than it is to deal with the management issues that having multiple SCAP products presents.  We need to have at least an entire 1/2 a day on the development of a Content Repository specification.

OCIL is a positive and a negative at the same time. It has real value that is being underutilized and under implemented because of the limitations of how it addresses uses in an enterprise environment.  People don't need security automation to do things on/for a single host.  They need security automation to focus on the enterprise issues that reduce their costs and improve their efficiencies.  OCIL is failing in the enterprise and we all understand that.  We need to address developing a definitive solution for incorporating OCIL into the enterprise and that means into the existing specifications. Scheduling and tracking are key to it's success.  We need to make that happen.  This too needs a focused brainstorming time box to discuss options.

I am really disappointed that Remediation is not on the list below…  Yes, last Summer Dev Days, the time spent on Remediation was wasted time but that does not mean we should ignore it and not try to make some real progress.  As far as I am concerned we need to reboot the remediation effort.  We cannot keep being the set of specifications / tools that act as the little boy crying "Wolf" in the night.  We need to be able to find and fix issues if we are going to really make a difference in organizational security postures.  But today we think it is too hard so we don't try ?  I think we need a couple hours to discuss the reboot of the effort even if that means minimizing work already done.

A focused discussion on enterprise reporting is also critically needed.  For the vendors here, we have all gone through the Cyberscope goat rope, delivering limited capabilities to specific data call requirements of the Federal Agencies.  The initial effort was a mess, did little more than prove it was possible and cause the vendor community a great deal of thrashing to put a kludgey 'solution' in place.  Reality is all our customers need roll up reporting and an infrastructure that supports it.  A data call should not be special to anyone other than the agencies responding. The tools should be able to select the types of data needed and deliver that on a scheduled basis automatically.    Enterprise Reporting pertains to commercial as well as Federal customers.  We need to focus some time on what that would look like using the ARF and ASR as the foundational pieces.  But there are missing pieces….  We need this discussed.

I would hope we can make this summer's SCAP Dev Days useful in advancing the security automation efforts by addressing some of the more critical issues our customers are facing now or will be facing in the very short term.  Status presentations are not interesting to those active in the efforts.  Let's try to do those before we get to Bedford so we can real make some progress while we are all in the same room.  This is always a big event for the 'consensus of the willing' that assemble and driven to see security automation make a difference.  Let's see if we can have an event that, when we all walk out the last day, we all feel that every minute was well spent and moves us forward.

Thanks.

Kent Landfield
Director Content Strategy, Architecture and Standards

McAfee | An Intel Company
5000 Headquarters Dr.
Plano, Texas 75024

Direct: +1.972.963.7096 
Mobile: +1.817.637.8026
Web: www.mcafee.com

From: <Boczenowski>, Steve <[hidden email]>
Reply-To: "OVAL Developer List (Closed Public Discussion)" <[hidden email]>
To: "[hidden email]" <[hidden email]>
Subject: Re: [OVAL-DEVELOPER-LIST] Security Automation Developer Days: Summer 2012 at MITRE in Bedford, MA

Frank;

 

We hope to have the registration site up next week.  The event will be during the week of July 9 – starting Monday at 10:00 AM and ending on Friday at 12:00.

 

Meanwhile, we are working on the agenda and are currently considering this list of topics:

 

CCE

CPE/SWID

CEE

XCCDF

OVAL

ASR

Enterprise OCIL

CybOX/MAEC

Federated Content Repository Spec

Endpoint Reporting for Continuous Monitoring and Compliance (ERCC)

MILE

TAXII

IF-M for SCAP

IF-MAP

SCAP Releases

SCAP and IETF

NETCONF and SCAP

 

Steve

 

From: Frank Lindsay Acker [[hidden email]]
Sent: Tuesday, May 01, 2012 9:32 AM
To: oval-developer-list OVAL Developer List/Closed Public Discussion
Subject: Re: [OVAL-DEVELOPER-LIST] Security Automation Developer Days: Summer 2012 at MITRE in Bedford, MA

 

Steve....

Has there been any additional information regarding this event?

Thanks,
Frank Acker


From: Boczenowski, Steve [[hidden email]]
Sent: Tuesday, March 20, 2012 16:38
To: [hidden email]
Subject: [OVAL-DEVELOPER-LIST] Security Automation Developer Days: Summer 2012 at MITRE in Bedford, MA

Save the Date: week of July 9, 2012

 

This year’s MITRE-hosted Security Automation Developer Days event will be held during the week of July 9, 2012 at MITRE’s facility in Bedford, MA.

 

Details to follow.

 

Regards,

    Steve

 

______________________________________________

Stephen P. Boczenowski

      The MITRE Corporation

      Office: (781) 271-7682

      Cell: (978) 302-3849

     [hidden email]

 

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].