summit d summit days ays
play

Summit D Summit Days ays The V he Value of alue of Global V - PowerPoint PPT Presentation

Nov 22, 2023 •201 likes •411 views

Futur Future e of of Global V Global Vulner ulnerability bility Repor eporting ting Summit Summit Summit D Summit Days ays The V he Value of alue of Global V Global Vulner ulnerability R bility Repor eporting ting Masato Masa

  1. Futur Future e of of Global V Global Vulner ulnerability bility Repor eporting ting Summit Summit Summit D Summit Days ays The V he Value of alue of Global V Global Vulner ulnerability R bility Repor eporting ting Masato Masa to Ter erada ada IT Security IT Security Center Center, , IP IPA November 13, 2012 No ember 13, 2012 FIRST TC @ KYOTO Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  2. con conten tents. ts.  Vulnerability Vulnerability Ident Identifier ifier  vulnerability vulnerability identifica identification. tion.  # of vulnerabilities. # of vulnerabilities. FIRST TC @ KYOTO 2 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  3. vulner vulnerability bility identifier identifier.  How many vulnerability identifiers are there in our cyberspace ? FIRST TC @ KYOTO 3 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  4. vulner vulnerability bility identifier identifier.  How many vulnerability identifiers are there in our cyberspace ?  Database Database  Regional/national vulnerability databases NVD, JVN, CNVD etc.  Non-government vulnerability databases Secunia, SecurityFocus, OSVDB, Cisco Security Intelligence Operations, IBM ISS X-Force etc.  Vendor Advisories Vendor Advisories  Microsoft, Oracle, Cisco, Adobe etc. FIRST TC @ KYOTO 4 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  5. vulner vulnerability bility identifier identifier. http://nvd.nist.gov/  NVD NVD (Nationa (National l Vulnerability Vulnerability Database) Database)  ID(4 + 4 digits): CVE-2012-1234  Lang: English  CVE mapping: one-to-one  URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1234 FIRST TC @ KYOTO 5 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  6. vulner vulnerability bility identifier identifier. http://jvn.jp/  JVN(Japan JVN(Japan Vulnerability Vulnerability Database) Database)  ID(8 digits): JVN#12345678  Lang: Japanese/English  CVE mapping: one-to-one  URL: http://jvn.jp/jp/JVN12345678 FIRST TC @ KYOTO 6 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  7. vulner vulnerability bility identifier identifier. http://jvndb.jvn.jp/  JVN JVN iPedia iPedia  ID(4 + 6 digits): JVNDB-2012-123456  Lang: Japanese/English  CVE mapping: one-to-one  URL: http://jvndb.jvn.jp/jvndb/JVNDB-2012-123456 FIRST TC @ KYOTO 7 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  8. vulner vulnerability bility identifier identifier. http://www.cnvd.org.cn/  CNVD(China CNVD(China National Vulnerability National Vulnerability Database) Database)  ID(4 + 5 digits): CNVD-2012-12345  Lang: Chinese  CVE mapping: one-to-one  URL: http://www.cnvd.org.cn/sites/main/preview/ldgg_preview.htm?tid=61059 FIRST TC @ KYOTO 8 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  9. vulner vulnerability bility identifier identifier. http://secunia.com/  Secunia Secunia  ID(5 digits): SA12345  Lang: English  CVE mapping: one-to-many  URL: http://secunia.com/advisories/12345 FIRST TC @ KYOTO 9 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  10. vulner vulnerability bility identifier identifier. http://www.securityfocus.com/  Secur SecurityFocus ityFocus  ID(variable digits): 12345 (aka. bid12345)  Lang: English ^^^^^^ current longest id is 5 digits  CVE mapping: one-to-many  URL: http://www.securityfocus.com/bid/12345 FIRST TC @ KYOTO 10 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  11. vulner vulnerability bility identifier identifier. http://osvdb.org/  OSVDB OSVDB (The (The Open Open Source Source Vulnerability Vulnerability Database) Database)  ID(variable digits): 12345  Lang: English ^^^^^ current longest id is 5 digits  CVE mapping: one-to-many  URL: http://osvdb.org/show/osvdb/12345 FIRST TC @ KYOTO 11 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  12. vulner vulnerability bility identifier identifier. http://tools.cisco.com/security/center/  Cisco Cisco Secur Security ity Inte Intelligence Operations lligence Operations  ID(5 digits): 12345  Lang: English  CVE mapping: one-to-many  URL: http://tools.cisco.com/security/center/viewAlert.x?alertId=12345 FIRST TC @ KYOTO 12 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  13. vulner vulnerability bility identifier identifier. http://xforce.iss.net/  IBM IBM ISS ISS X-Force Force  ID(short subject + variable digits): speak-freely-udp-bo (12345) <<<<< current longest id is 5 digits  Lang: English  CVE mapping: one-to-many  URL: http://xforce.iss.net/xforce/xfdb/12345 FIRST TC @ KYOTO 13 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  14. vulner vulnerability bility identifica identification tion.  How do we make a relationship of vulnerability information ? FIRST TC @ KYOTO 14 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  15. vulner vulnerability bility identifica identification tion.  How do we make a relationship of vulnerability information ?  Currently, we can use Common Vulnerabilities and Exposures (CVE), which is the most well known vulnerability identification scheme. CVE is best and unique reference ID in world wide. FIRST TC @ KYOTO 15 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  16. # of vulne # of vulnerabilities. bilities.  How many # of vulnerabilities ? FIRST TC @ KYOTO 16 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  17. # of vulne # of vulnerabilities. bilities. http://nvd.nist.gov/  NVD NVD (Nationa (National l Vulnerability Vulnerability Database) Database) 8,000 NVD 7,000 CERT/CC 6,000 Number of vulnerabilities Total; 53,262 5,000 4,000 3,000 2,000 1,000 0 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 FIRST TC @ KYOTO 17 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  18. # of # of vulne vulnerabilities. bilities. http://www.cnvd.org.cn/  CNVD(China CNVD(China National Vulnerability National Vulnerability Database) Database) 7,000 Total; 39,796 CNVD 6,000 Number of vulnerabilities 5,000 4,000 3,000 2,000 1,000 0 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 FIRST TC @ KYOTO 18 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  19. # of # of vulne vulnerabilities. bilities. http://secunia.com/  Secunia Secunia Average 2006-10; 8,663 Total 2011; 9,132 FIRST TC @ KYOTO 19 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

  20. end ending. ing. Global Vulner Global V ulnerability bility Repor eporting will pr ting will provide bes vide best t solution of solution of this qu this question estions. s. FIRST TC @ KYOTO 20 Kyoto 2012 FIRST Technical Colloquium 13-15 November 2012

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Summit Therapeutics plc (Summit or the Company) SUMMIT TO PRESENT PHASE 2 CoDIFy

Summit Therapeutics plc (Summit or the Company) SUMMIT TO PRESENT PHASE 2 CoDIFy

Summit Therapeutics plc (Summit or the Company) SUMMIT TO PRESENT PHASE 2 CoDIFy TRIAL DATA HIGHLIGHTING RIDINILAZOLES PRESERVATION OF THE MICROBIOME IN CDI PATIENTS AT ASM MICROBE 2016 Oxford, UK, 23 May 2016 Summit

269 views • 3 slides
Welco elcome! me! Le Learnin arning g Se Session ssion/Summit /Summit Day Two May 26 th ,

Welco elcome! me! Le Learnin arning g Se Session ssion/Summit /Summit Day Two May 26 th ,

Welco elcome! me! Le Learnin arning g Se Session ssion/Summit /Summit Day Two May 26 th , 2017 Rec ecap of Da ap of Day On y One &amp; e &amp; Outline of the Days Activities Jennifer Allison 2 Outcome Outcome Data Data Su

716 views • 48 slides
For the 4 th year in a row through organizes Energy Strategy Summit, a top-level summit for the

For the 4 th year in a row through organizes Energy Strategy Summit, a top-level summit for the

For the 4 th year in a row through organizes Energy Strategy Summit, a top-level summit for the Romanian and regional energy industry. This year, for two days, on June 6-7, the most infmuential decision makers in the Romanian energy industry

280 views • 14 slides
Summit Farms Overview Agrisol Energy July 16 th , 2010 Summit Farms Overview Summit Farms

Summit Farms Overview Agrisol Energy July 16 th , 2010 Summit Farms Overview Summit Farms

Summit Farms Overview Agrisol Energy July 16 th , 2010 Summit Farms Overview Summit Farms is made up of three main business units: Row Crop Production: 17,900 acres Corn Maize Soybeans Swine Contract Finishing: over 150,000

221 views • 18 slides
CasinoBeats Summit 18-20 September 2018 @ Olympia, London CASINOBEATS SUMMIT 2018 Over 250

CasinoBeats Summit 18-20 September 2018 @ Olympia, London CASINOBEATS SUMMIT 2018 Over 250

CasinoBeats Summit 18-20 September 2018 @ Olympia, London CASINOBEATS SUMMIT 2018 Over 250 delegates from across the world will make their way to the Casino Beats Summit as part of the international betting and gaming conference week, held 18-21

406 views • 12 slides
Xen Strategic Summit Xen Strategic Summit Plenary Plenary Nick Gault, CEO Nick Gault, CEO

Xen Strategic Summit Xen Strategic Summit Plenary Plenary Nick Gault, CEO Nick Gault, CEO

Xen Strategic Summit Xen Strategic Summit Plenary Plenary Nick Gault, CEO Nick Gault, CEO April 7, 2005 Why the Why the Xen Summit? en Summit? You asked for it To make Xen commercially ready and ubiquitous This is your opportunity to

364 views • 9 slides
Transmission Summit 2014 Summit agenda Washington, DCMarch 13-14, 2014 March 13, 2014: 7:30

Transmission Summit 2014 Summit agenda Washington, DCMarch 13-14, 2014 March 13, 2014: 7:30

Transmission Summit 2014 Summit agenda Washington, DCMarch 13-14, 2014 March 13, 2014: 7:30 8:30 Registration and Breakfast 8:30 8:45 Welcome and Introduction by Summit Chairman Celia Y. David , Director , Energy, NAVIGANT 8:45

157 views • 4 slides
ADDITIVE MA E MANUF UFACT CTURING COMMUN COMMUNITY Strategy Days Summit November 6-7, 2019 |

ADDITIVE MA E MANUF UFACT CTURING COMMUN COMMUNITY Strategy Days Summit November 6-7, 2019 |

ADDITIVE MA E MANUF UFACT CTURING COMMUN COMMUNITY Strategy Days Summit November 6-7, 2019 | Marriott Marquis Chicago AM market has grown so rapidly in the past 10 years Messaging is very splintered and inconsistent Focus

307 views • 4 slides
2017 ITPC Planning Summit Welcome to the 2017 ITPC Planning Summit Goals for Opening Todays

2017 ITPC Planning Summit Welcome to the 2017 ITPC Planning Summit Goals for Opening Todays

2017 ITPC Planning Summit Welcome to the 2017 ITPC Planning Summit Goals for Opening Todays Summit Remarks To promote Michael Hites collaborative planning Sr. Associate Vice President &amp; relative to Chief Information Officer

646 views • 46 slides
5G Su 5G Summit it Ov Overvie view Debabani Choudhury Intel Labs IEEE 5G Summit, Honolulu,

5G Su 5G Summit it Ov Overvie view Debabani Choudhury Intel Labs IEEE 5G Summit, Honolulu,

Welc lcom ome e an and d 5G Su 5G Summit it Ov Overvie view Debabani Choudhury Intel Labs IEEE 5G Summit, Honolulu, HI June 5-6, 2017 5G-&lt;Choudhury&gt; IMS MS2017 7 5G Su Summit it A Successful Collaboration Between two

714 views • 6 slides
Inclusion, Innovation and Technology Summit Creating a Culture of Innovation July 17, 2018 Live

Inclusion, Innovation and Technology Summit Creating a Culture of Innovation July 17, 2018 Live

Inclusion, Innovation and Technology Summit Creating a Culture of Innovation July 17, 2018 Live from Loveland, CO David Tucker Enterprise Architect and I2T vice-chair I2T Summit 1 I2T Summit 1 I2T Summit agenda Welcome

573 views • 26 slides
Summit 2.0 The UMass Shared Analytics Program Data Driven Decisions Agenda Summit Overview

Summit 2.0 The UMass Shared Analytics Program Data Driven Decisions Agenda Summit Overview

Summit 2.0 The UMass Shared Analytics Program Data Driven Decisions Agenda Summit Overview Enterprise Data and Analytics team Analytics Defined What is Summit 2.0 Data: Summit Enterprise Data Warehouse Tools: Summit

525 views • 30 slides
HUD IT IT Summit Washington, D.C. June 4, 2018 1 IT IT SUMMIT Agenda: Welcome Remarks (DJ

HUD IT IT Summit Washington, D.C. June 4, 2018 1 IT IT SUMMIT Agenda: Welcome Remarks (DJ

HUD IT IT Summit Washington, D.C. June 4, 2018 1 IT IT SUMMIT Agenda: Welcome Remarks (DJ LaVoy) ISDV Overview (George Forbes) Protocol (Brendan Dowd) Decision Trees (Kim Scoles) Break VEDGA Overview (Eric Krapf) June 4, 2018 What to

765 views • 61 slides
Stopping Violence, Stimulating Success Summit February 2014 Summit In response to the

Stopping Violence, Stimulating Success Summit February 2014 Summit In response to the

Stopping Violence, Stimulating Success Summit February 2014 Summit In response to the uptick in violence that Pomona experienced last year, various community partners came together to discuss priorities to address public safety issue.

235 views • 19 slides
HUBZone Small Business Summit Welcome &amp; Opening Comments Summit April 26, 2017 -

HUBZone Small Business Summit Welcome &amp; Opening Comments Summit April 26, 2017 -

HUBZone Contractors National Council HUBZone Small Business Summit April 26, 2017 HUBZone Small Business Summit Welcome &amp; Opening Comments Summit April 26, 2017 - Philadelphia John Armstead Acting Deputy Regional Administrator

100 views • 7 slides
A&amp;F Executive Dashboard Presented: Summit Summit: December 7, 2018 A&amp;F Vice Chancellors:

A&amp;F Executive Dashboard Presented: Summit Summit: December 7, 2018 A&amp;F Vice Chancellors:

A&amp;F Executive Dashboard Presented: Summit Summit: December 7, 2018 A&amp;F Vice Chancellors: December 8, 2017 A&amp;F Roadmap: Underlying Principles 2 Independent and objective Standard processes designed assurance that analyzes to

249 views • 14 slides
Errant GTIDs breaking replication Dieter Adriaenssens Ghent University Who am I? Dieter

Errant GTIDs breaking replication Dieter Adriaenssens Ghent University Who am I? Dieter

Errant GTIDs breaking replication Dieter Adriaenssens Ghent University Who am I? Dieter Adriaenssens Linux System Administrator MySQL DBA Works at Ghent University Open Source : former phpMyAdmin team member Lives in

1.19k views • 48 slides
Privacy Leakage in Mobile Online Social Networks Balachander Krishnamurthy, AT&amp;T Labs

Privacy Leakage in Mobile Online Social Networks Balachander Krishnamurthy, AT&amp;T Labs

Privacy Leakage in Mobile Online Social Networks Balachander Krishnamurthy, AT&amp;T Labs Research Craig E. Wills, Worcester Polytechnic Institute Workshop on Online Social Networks Boston, MA USA June 2010 1 Introduction Previously

775 views • 20 slides
FinCEN, Reporting Over $10,000 Cash, Good Funds Charles M. Craig April 18, 2019 The webinar

FinCEN, Reporting Over $10,000 Cash, Good Funds Charles M. Craig April 18, 2019 The webinar

Welcome to todays webinar! FinCEN, Reporting Over $10,000 Cash, Good Funds Charles M. Craig April 18, 2019 The webinar will begin shortly. CE ONLY New Requirements CREDIT Providers are required to submit CE credit hours directly to

610 views • 46 slides
AllClear ID (www.allclearid.com) is an identity protection company based in Austin, Texas, and is

AllClear ID (www.allclearid.com) is an identity protection company based in Austin, Texas, and is

AllClear ID (www.allclearid.com) is an identity protection company based in Austin, Texas, and is powered by Debix, a leader in identity protection technology. Our leading technology and customer service have protected millions of consumers, and

337 views • 11 slides
CREATING A GLOBAL LEGAL ENTITY IDENTIFIER (LEI) STANDARD 11.10.2011 Global calls affirming the

CREATING A GLOBAL LEGAL ENTITY IDENTIFIER (LEI) STANDARD 11.10.2011 Global calls affirming the

CREATING A GLOBAL LEGAL ENTITY IDENTIFIER (LEI) STANDARD 11.10.2011 Global calls affirming the importance of developing an LEI standard G-20 Cannes Summit Final Declaration (November 4, 2011) We support the creation of a global legal

501 views • 28 slides
TDDD04: Test plans and software defect taxonomies Lena Buffoni lena.buffoni@liu.se 3 Lecture

TDDD04: Test plans and software defect taxonomies Lena Buffoni lena.buffoni@liu.se 3 Lecture

TDDD04: Test plans and software defect taxonomies Lena Buffoni lena.buffoni@liu.se 3 Lecture plan Test planning (ISO/IEC/IEEE 29119) Scripted vs Exploratory testing Defect taxonomies (ISO/IEC/IEEE 1044) 4 Scripted testing Testing

492 views • 46 slides
1 Webinar Management Dial: 866-804-5824 ID: 997-9417-0213 Chat comments, responding to

1 Webinar Management Dial: 866-804-5824 ID: 997-9417-0213 Chat comments, responding to

Dial: 866-804-5824 ID: 997-9417-0213 Welcome to todays webinar! Reporting and Data Collection August 18, 2020 | 2:00-3:00 p.m. ET Audi Audio Acces Access The webinar will begin soon. While you wait, Listen via computer: please share

638 views • 17 slides
Requirements for Energy Management draft-ietf-eman-requirements-05 J. Quittek, R. Winter, T.

Requirements for Energy Management draft-ietf-eman-requirements-05 J. Quittek, R. Winter, T.

Requirements for Energy Management draft-ietf-eman-requirements-05 J. Quittek, R. Winter, T. Dietz, B. Claise, M. Chandramouli 1 IETF 82 EMAN requirements Status At IETF #80 we stated as first next step: &quot;After agreement on some

411 views • 14 slides

More recommend