OASIS to Establish Classification Standards for Web Security Vulnerabilities | .NET Developer's Journal

Search

.NET Authors: Liz McMillan, Peter Silva, Yakov Werde, Matthew Pollicove , Corey Roth

Related Topics: SOA & WOA, Security

SOA & WOA: Article

OASIS to Establish Classification Standards for Web Security Vulnerabilities

OASIS to Establish Classification Standards for Web Security Vulnerabilities

By SOA News Desk	Article Rating:
January 1, 2000 12:00 AM EST	Reads:	3,378

Related
Print
Email
Feedback
Add This
Blog This

(May 28, 2003) - Members of the OASIS standards consortium are uniting to create an open data format to describe Web application security vulnerabilities. The new OASIS Web Application Security (WAS) Technical Committee will produce a classification scheme for Web security vulnerabilities, a model to provide guidance for initial threat, impact, and risk ratings, and an XML schema to describe Web security conditions that can be used by both assessment and protection tools.

"Gartner believes the OASIS WAS standard effort will play a key role in supporting innovation in security assessment tools and application-level intrusion prevention products," said John Pescatore, vice president for Internet Security at Gartner Inc. "Having a standard vulnerability description language will allow enterprises to choose and integrate best-of-breed products to best address changing threat scenarios."

CIO, CTO & Developer Resources

"Currently, security advisories are published in ambiguous textual forms or proprietary data files. The same vulnerability is often described in several different ways, using different languages and contexts that quantify risks in different ways," explained Mark Curphey, chair of the OASIS WAS Technical Committee. "WAS will allow vulnerabilities to be published and received in a consistent manner. Risks will be universally understood by law enforcement agencies, government representatives, companies, and organizations, regardless of which tools or technologies are used."

OASIS WAS Technical Committee members include NetContinuum, Qualys, Sanctum, SPI Dynamics, and others. Participation remains open to all organizations and individuals, and OASIS will host an open mail list for public comment. The committee will hold its first meeting on July 3, 2003.

Published January 1, 2000 – Reads 3,378
Copyright © 2000 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

Related
Print
Email
Feedback
Add This
Blog This

More Stories By SOA News Desk

SOA World Magazine News Desk trawls the world of distributed computing and SOA-related developments for the latest word on technologies, standards, products, and services and brings key information to you in a timely and convenient summary form.

Comments (0)

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Comments

Will the Cloud Confuse Network Management?

By Vikas Aggarwal

VigilantJon wrote: 2 points on this: 1) Depending on the organization, why buy and go through that risk? Outsourcing this level of support and technology reduces organizational strain enabling IT to focus on improving business integration and innovation. This is not just an infrastructure monitoring problem, so picking a company who understands service management and service warranty is a must. 2) While grouping services, it is imperative that organizations look at their services and determine - what are those t...

Dec. 1, 2009 09:54 AM EST

Latest .NET News

Cloud Expo Platinum Sponsorships Sold Out

By Liz McMillan

SYS-CON Events announced today that the "Diam...

Dec. 2, 2009

Cloudosphere

Visualizing the Boundaries of Control in the Cloud

By Scott Morrison

Cloud’s biggest problem isn’t security; it’s the continuous noise around security that dis...

Dec. 2, 2009

Grokking the Goodness of MapReduce and SPDY

By Lori MacVittie

Certainly no one would seriously argue that web applications are fast enough for ev...

Dec. 2, 2009

2009 East

PLATINUM SPONSORS:

Smarter Business Solutions Through Dynamic Infrastructure

Smarter Insights: How the CIO Becomes a Hero Again

Windows Azure

GOLD SPONSORS:

Why VDI?

Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments

Messaging in the Cloud - Email, SMS and Voice

Stairway to the Cloud

Sun's Incubation Platform: Helping Startups Serve the Enterprise

POWER PANELS:

Cloud Computing & Enterprise IT: Cost & Operational Benefits

How and Why is a Flexible IT Infrastructure the Key To the Future?

Click For 2008 West
Event Webcasts

2009 East

GOLD SPONSORS:

Get Your Transactions Under Control: SOA Performance Management

Performance Driven Adoption: The Secret to Advancing SOA

The Evolving SOA Appliance: 3 Game-Changing Innovations

SILVER SPONSOR:

Data Mashups: Deliver Your Project Faster with Virtualized Data Services Across Internal & External Sources

POWER PANELS:

The Business Value of Service Orientation

Driving Profitability Through User Experience

Click For 2008 West
Event Webcasts

Topics

.NETDJ Archives

From the Blogosphere

From the Editor

Product Reviews

SQL Server 2005

Visual Studio 2005

close this window