Feasibility Study of OVAL based Vulnerability Management Extension

Vendor SIG Meeting

Wednesday — November 16th, 2005 15:45

In vulnerability management, it is difficult to check an information system for vulnerabilities using security advisories alone. This work takes up that issue and examines how a useful vulnerability management service can be provided to administrators. This presentation shows a proof-of-concept prototype, the "OVAL based Vulnerability Management Extension". To support useful vulnerability management, the Extension provides the following functions:
  • A framework based on pattern files supplied by product vendors
  • A connective Web-service-based OVAL interpreter (WebOVAL, CmdOVAL)
  • Vulnerability management with a CVSS priority rating service

Presenters

  • Masato Terada (IPA, JP)

    Masato Terada received an M.E. in Information and Image Sciences from University of Chiba, Japan, in 1986. From 1986 to 1995, he was a researcher at the Network Systems Research Dept., Systems Development Lab., Hitachi. Since 1996, he has been a Senior Researcher at the Security Systems Research Dept., Systems Development Lab., Hitachi. From 2002, he studied at the Graduate School of Science and Technology, Keio University, and received a Ph.D. in 2005. Since 2004, he has been with the Hitachi Incident Response Team. He is also a visiting researcher at the Security Center, Information-technology Promotion Agency, Japan (ipa.go.jp), and JVN associate staff at JPCERT/CC (jpcert.or.jp).