Semantic Potential of existing Security Advisory Standards

A. Ekelhart, E. Weippl, S. Fenz:
"Semantic Potential of existing Security Advisory Standards";
Talk: The Forum of Incident Response and Security Teams (FIRST), Vancouver; 22.06.2008 - 27.06.2008; in: "Inproceedings of the FIRST 2008", (2008).


New discoveries made on a nearly daily basis and
the constantly growing amount of vulnerabilities in software
products have led to the distribution of great numbers of vendor-dependent
vulnerability information over various channels such
as mailing lists and RSS (Really Simple Syndication) feeds.
However, the format of these messages presents a major problem
as it lacks standardized, semantic information, resulting in very
time-intensive, expensive, and error-prone processing due to the
necessary human involvement. Recent developments in the field of
IT security have increased the need for a sound semantic security
advisory standard that would allow for automatic processing
of relevant security advisories in a more precise and timely
manner. This would reduce pressure on organizations trying
to keep their complex infrastructures secure and up-to-date by
complying with standards, such as Basel II and local legislation.
This paper conducts an evaluation of existing advisory standards
and extends the most semantically usable one to fulfill the requirements of
a semantic security advisory standard. A proof of concept shows
how non-semantic vendor-dependent vulnerability information
can be automatically converted to the proposed semantic security
advisory format. The automated processing of security advisories
allows faster reaction times and precise response to new threats
and vulnerabilities. In this way IT management can concentrate
on solutions rather than on filtering messages.