|
|||||
 |
 |
||||
| CPE Website is in "Archive" status — read the announcement | |||||
Developer Days — ArchiveThe purpose of the event is for the community to discuss, in technical detail, the ongoing development of CPE and to discuss relevant issues and derive solutions that benefit all concerned parties. Information about upcoming and/or past conferences is included below: IT Security Automation Conference 2012The 8th Annual IT Security Automation Conference was hosted by the National Institute of Standards and Technology, in conjunction with the Department of Homeland Security, National Security Agency, and Defense Information Systems Agency, on October 3-5, 2012. "Security automation leverages [the CVE®, CCE™, CPE™, OVAL®, OCIL™, XCCDF, ARF, CCSS, and CVSS community] standards and specifications to reduce the complexity and time necessary to manage vulnerabilities, measure security, and ensure compliance, freeing resources to focus on other areas of the IT infrastructure." For additional information and downloads, visit: https://itsac.g2planet.com/itsac2012/. Security Automation Developer Days 2012MITRE Corporation hosted the fourth Security Automation Developer Days conference on July 9-13, 2012, at MITRE in Bedford, Massachusetts, USA. This five-day conference is technical in nature and focuses on the U.S. National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol (SCAP). The purpose of the event is for the community to discuss SCAP — and the existing standards upon which it is based including Common Platform Enumeration (CPE™), Common Configuration Enumeration (CCE™), Open Vulnerability and Assessment Language (OVAL®), Extensible Configuration Checklist Description Format (XCCDF), and Open Checklist Interactive Language (OCIL) — in technical detail and to derive solutions that benefit all concerned parties. All current and emerging SCAP standards are addressed at this workshop. MITRE first hosted Developer Days in 2005 and has been running them annually ever since. The model for these technical exchanges has since been adopted as the format used by the Security Automation community. Materials from the event include the following:
IT Security Automation Conference 2011CPE was a main topic at the 7th Annual IT Security Automation Conference hosted by the National Institute of Standards and Technology, in conjunction with the Department of Homeland Security, National Security Agency, and Defense Information Systems Agency, on October 31 - November 2, 2011. This three-day event focused on the breadth and depth of automation principles and technologies designed to support automation requirements across organizations in multiple sectors. For additional information and downloads, visit: http://www.nist.gov/itl/csd/7th-annual-scap-conference.cfm. Security Automation Developer Days 2011MITRE Corporation hosted the third Security Automation Developer Days conference on June 14-17, 2011, at MITRE in Bedford, Massachusetts, USA. This four-day conference is technical in nature and focused on the U.S. National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol (SCAP). The purpose of the event is for the community to discuss SCAP — and the existing standards upon which it is based including Common Platform Enumeration (CPE™), Common Configuration Enumeration (CCE™), Open Vulnerability and Assessment Language (OVAL®), Extensible Configuration Checklist Description Format (XCCDF), and Open Checklist Interactive Language (OCIL) — in technical detail and to derive solutions that benefit all concerned parties. All current and emerging SCAP standards are addressed at this workshop. MITRE first hosted Developer Days in 2005 and has been running them annually ever since. The model for these technical exchanges has since been adopted as the format used by the Security Automation community. Materials from the event include the following: Security Automation Developer Days Spring 2011The Security Automation Developer Days Spring 2011 conference was held March 22-25, 2011 at National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland, USA. The purpose of this event was for the community to discuss key security automation-related initiatives including Open Vulnerability and Assessment Language (OVAL®), Extensible Configuration Checklist Description Format (XCCDF), Open Checklist Interactive Language (OCIL), Remediation, and related topics such as Common Platform Enumeration (CPE™) and Common Configuration Enumeration (CCE™), in detail to further the development of these initiatives and to derive solutions that benefit all concerned parties. The conference, hosted by NIST, is a collaborative effort of NIST and the MITRE Corporation. For additional information and downloads, visit: http://www.nist.gov/itl/csd/sec-automation-developer.cfm. IT Security Automation Conference 2010CPE was the topic of two briefings, entitled "CPE Update" and "CPE & CCE Tutorials," at the 6th Annual IT Security Automation Conference hosted by the National Institute of Standards and Technology, in conjunction with the Department of Homeland Security, National Security Agency, and Defense Information Systems Agency, on September 27-29, 2010. "Security automation leverages [the CVE, CCE, CPE, OVAL, XCCDF, and CVSS community] standards and specifications to reduce the complexity and time necessary to manage vulnerabilities, measure security, and ensure compliance, freeing resources to focus on other areas of the IT infrastructure." For additional information and downloads, visit: http://www.nist.gov/itl/csd/2010-scap-conference.cfm. Security Automation Developer Days 2010MITRE hosted the second Security Automation Developer Days conference, at which CPE was a main topic, on June 14-16, 2010, at MITRE in Bedford, Massachusetts, USA. The purpose of the three-day conference is for the community to discuss all current and emerging Security Content Automation Protocol (SCAP) standards in technical detail and to derive solutions that benefit all concerned parties. A brief technical overview of software assurance efforts sponsored by the Department of Homeland Security was also provided on the third day of the conference. For additional information and to review meeting minutes and downloads, visit: http://msm.mitre.org/participation/devdays.html#2010. CPE Developer Days Web Conference — May 2010MITRE hosted a CPE Developer Days Web Conference on May 14, 2010 for the community to discuss technical plans for the upcoming release of the CPE Version 2.3 specification suite. Brant Cheikes of MITRE reviewed plans for the Naming, Matching, and Language specifications, and Paul Cichonski of NIST reviewed plans for the Dictionary specification. Materials from the event include the following:
Security Automation Developer Days Conference — Winter 2010CPE was a main topic at the Security Automation Developer Days Winter 2010 conference held on February 22-24, 2010 at National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland, USA. For additional information and to review meeting minutes and downloads, visit http://msm.mitre.org/participation/devdays.html#winter2010. Security Automation Developer Days Conference — 2009CPE was included as a topic at the first-ever Security Automation Developer Days 2009 conference held June 8-12, 2009 at MITRE in Bedford, Massachusetts, USA. For additional information visit http://msm.mitre.org/participation/devdays.html. CPE Developer Days Conference — 2008CPE’s first-ever Developer Days conference was held on April 30, 2008 at MITRE Corporation in Bedford, Massachusetts, USA. Specific topics included history of CPE, MITRE’s role, use cases, current status and ways to improve the CPE Dictionary, aliases, abbreviations, wild cards, major version transitions, CPE coverage, numerical identifiers, and using a tagged approach. Materials from the event include the following:
|
||||
