FIRST - Improving Security Together 18th Annual FIRST Conference - June 2006 - Baltimore, Maryland

Proposal of RSS Extension for Security Information Exchange







Platinum Sponsor

BT



Silver Sponsor

Diageo



Local Host

CERT Coordination Center



Supporting Sponsors

Sun



Google



Hitachi



ISS



E-Secure-IT

Korea CertCC



Conference Schedule

Business/Management Track

Friday – June 30th, 14:30

Unauthorized access intending to spread malware has been active and causing a lot of damage worldwide. In order to eliminate vulnerabilities and prevent unauthorized access, it is necessary to improve the way to distribute security information about computer software and hardware. When a new vulnerability is discovered or a security advisory is released, the security administrators try to collect information about and countermeasures against the vulnerability. In this paper, we examines how we can provide a more efficient security information distribution service for the security administrators that helps them reduce their workload related to collecting and grouping various information and take care of security incidents.

We propose JVNRSS (JP Vendor Status Notes RSS) as a security information sharing and exchanging specification. Currently, JPCERT/CC and IPA (Information-technology Promotion Agency) are promoting a framework to handle vulnerability information in Japan.

They offer JVN, a portal site to provide security information about the domestic computer software and hardware manufactured by the vendors participating in the framework. JVNRSS is one of the methods JVN has been using to distribute security information. JVNRSS is based on RSS 1.0 and uses the "dc:relation" field defined in the Dublin Core as a Relational ID to correlate security information issued by various sources (Figure 1). JVNRSS uses the reference URL specified in a security alert, for example, an URL of the Common Vulnerability Exposure, CERT Advisory, CERT Vulnerability Note and CIAC Bulletin. In this paper, firstly we explain the specification and application of JVNRSS. Secondly, we'll introduce the result of our feasibility study on JVNRSS (Figure 2) and lastly we'll propose the RSS Extension for security information sharing.

Authors & presenters

  • JPMasato Terada Presenter (HIRT – Hitachi, JP)


Conference Schedule