Reply From: Aleph One <aleph1@underground.org>
On Tue, Sep 28, 1999 at 04:56:21PM -0600, mea culpa wrote:
> MITRE and Top Security Experts Announce Initiative to Boost Cyber-Defenses
> September 29 Audio Teleconference Press Conference
>
> The MITRE Corporation has joined with the CERT Coordination Center, IBM
> Research, Cisco Systems and 16 other leading information security
> organizations to launch a major new initiative to strengthen
> cyber-defenses across industry and government. Top security experts will
> participate in a press teleconference on Wednesday, September 29, 1999, at
> 2:00 pm to discuss the details of the initiative:
Man, what a load of crap. "Boost Cyber-Defenses". Hah! Well since I am one
of the people participating in the CVE I might as well clear the air. The
CVE is nothing more than a listing of security vulnerabilities and
possibly risks (they like to call them exposures). Please note that the
CVE does not contain in-depth information about the vulnerabilities (such
as how to fix them). It is simply means as a list of IDs that can be used
to match up different vulnerability databases, vulnerability scanners or
intrusion detection systems. So when you try to compare say ISS Internet
Scanner and NAI's CyberCop you can get a somewhat meaningful number.
Now I would hardly call this "boosting our cyber-defences", but I guess
that is why I don't write press releases.
--
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
ISN is sponsored by Security-Focus.COM
Received on Wed Sep 29 08:40:57 1999