CAPEC - News & Events - 2010 Archive 

News & Events

2010 Archive

December 13, 2010

CAPEC List Version 1.6 Now Available

CAPEC Version 1.6 has been posted on the CAPEC List page. A detailed report is available that lists specific changes between Version 1.5 and Version 1.6.

Changes for the new release include 75 new attack patterns within 3 new pattern categories: Physical Security Attacks, Social Engineering Attacks, and Supply Chain Attacks. There were also significant revisions to the Observables sub-schema.

Comments are welcome on the CAPEC Researcher email discussion list. Future updates will be noted here and on the CAPEC Researcher list.

CAPEC/CWE/MAEC Briefings at DHS/DoD/NIST SwA Working Group Meeting, December 14-16

CAPEC/CWE Co-Founder and Architect Sean Barnum is scheduled to present a briefing about CAPEC, CWE/CAPEC Program Manager Robert A. Martin is scheduled to present briefings about CWE, and MAEC Program Manager Penny Chase will present a briefing about MAEC to the DHS/DoD SwA Working Group Meeting Session on December 14-16, 2010 at MITRE Corporation in McLean, Virginia, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/Making Security Measurable Briefing at ITU-T Security Workshop

CAPEC/CWE Program Manager Robert A. Martin presented a briefing about CAPEC/Making Security Measurable entitled "Vendor Neutral Security Measurement & Management with Standards" at ITU-T security workshop "Addressing Security Challenges on a Global Scale" on December 6-7, 2010 in Geneva, Switzerland.

Visit the CAPEC Calendar for information on this and other events.

Software Assurance Panel Discussion at CIP Congress

CAPEC/CWE Program Manager Robert A. Martin participated on a discussion panel about Software Assurance at CIP Congress on November 30-December 2, 2010 in Washington, D.C., USA.

Visit the CAPEC Calendar for information on this and other events.

CWE and Making Security Measurable Panel Presentation at Rethinking Cyber Security: A Systems-Based Approach Conference

CAPEC/CWE Program Manager Robert A. Martin made a panel presentation about the Common Weakness Enumeration (CWE) initiative and Making Security Measurable at Rethinking Cyber Security: A Systems-Based Approach Conference on November 16, 2010 in Charlottesville, Virginia, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/MAEC Panel Discussion at 11th Annual Security Conference

CAPEC/CWE Co-Founder and Architect Sean Barnum participated on a discussion panel about CAPEC, CWE, and MAEC entitled "Current Attack Patterns and What's on the Horizon" at 11th Annual Security Conference on November 17, 2010 in Washington, D.C., USA.

Visit the CAPEC Calendar for information on this and other events.

November 12, 2010

CWE and Making Security Measurable Panel Presentation at Rethinking Cyber Security: A Systems-Based Approach Conference, November 16

CAPEC/CWE Program Manager Robert A. Martin will make a panel presentation about the Common Weakness Enumeration (CWE) initiative and Making Security Measurable at Rethinking Cyber Security: A Systems-Based Approach Conference on November 16, 2010 in Charlottesville, Virginia, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/MAEC Panel Discussion at 11th Annual Security Conference, November 17

CAPEC/CWE Co-Founder and Architect Sean Barnum will participate on a discussion panel about CAPEC, CWE, and MAEC entitled "Current Attack Patterns and What's on the Horizon" at 11th Annual Security Conference on November 17, 2010 in Washington, D.C., USA.

Visit the CAPEC Calendar for information on this and other events.

Software Assurance Panel Discussion at CIP Congress, November 30-December 2

CAPEC/CWE Program Manager Robert A. Martin will participate on a discussion panel about Software Assurance at CIP Congress on November 30-December 2, 2010 in Washington, D.C., USA.

Visit the CAPEC Calendar for information on this and other events.

Software Assurance and MAEC Briefing at SC World Congress

CAPEC/CWE Program Manager Robert A. Martin presented a briefing about Software Assurance and the Malware Attribute Enumeration and Characterization (MAEC) Initiative at SC World Congress on November 10-11, 2010 in New York, New York, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC and CWE/Making Security Measurable Briefings at AppSec DC 2010

CAPEC/CWE Co-Founder and Architect Sean Barnum presented a briefing about CAPEC entitled "Understanding How They Attack Your Weaknesses" and a briefing about CWE/Making Security Measurable entitled "Making Security Measurable" at Open Web Application Security Project (OWASP)'s AppSec DC 2010 on November 10, 2010 in Washington, D.C., USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE Keynote Presentation at SecureSDLC Conference

CAPEC/CWE Program Manager Robert A. Martin presented a briefing about the CWE/SANS Top 25 List entitled "Avoiding the Most Dangerous Software Security Weaknesses – the 2010 Top 25" that included CAPEC and its relationship to the Top 25 at SecureSDLC: Building Security into the Software Lifecycle on November 4, 2010 in Washington, D.C., USA.

Visit the CAPEC Calendar for information on this and other events.

MAEC and Software Assurance Briefing at CSI Annual Conference

CAPEC/CWE Program Manager Robert A. Martin presented a briefing about Software Assurance and the Malware Attribute Enumeration and Characterization (MAEC) Initiative at CSI Annual Conference on October 28, 2010 in National Harbor, Maryland, USA.

Visit the CAPEC Calendar for information on this and other events.

Software Assurance Panel at SIGAda Conference 2010

Director for Software Assurance at U.S. Department of Homeland Security (DHS) National Cyber Security Division (NCSD), Joe Jarzombek, chaired a discussion panel that included CAPEC/CWE Program Manager Robert A. Martin and CAPEC/CWE Co-Founder and Architect Sean Barnum entitled "Mitigating Risks to the Enterprise via Software Assurance" at SIGAda Conference 2010 on October 28, 2010 in Fair Lakes, Virginia, USA. NCSD is the sponsor of CAPEC, CWE, and MAEC.

Visit the CAPEC Calendar for information on this and other events.

"CWE/SANS Top 25" Keynote Presentation at Software Test Professionals Conference 2010

CAPEC/CWE Program Manager Robert A. Martin gave a keynote presentation about the CWE/SANS Top 25 List entitled "2010's Top 25 Most Dangerous Application Security Weaknesses" at Software Test Professionals Conference & Expo 2010 on October 21, 2010 in Las Vegas, Nevada, USA. Attendees learned the 25 Most Dangerous Programming Software Errors, what they can do as a tester to determine and identify these potential vulnerabilities, and how to help create test cases to address them. CAPEC and its relationship to the Top 25 was also mentioned.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE Briefing at 2010 Federal Cybersecurity Conference and Workshop

CAPEC/CWE Co-Founder and Architect Sean Barnum presented a briefing about CAPEC and Common Weakness Enumeration (CWE) at 2010 Federal Cybersecurity Conference and Workshop on October 21, 2010 in Washington, D.C., USA. In addition, OVAL Program Manager Jonathan Baker presented a briefing about the Open Vulnerability and Assessment Language (OVAL)/Security Content Automation Protocol (SCAP) initiatives on October 20.

Visit the CAPEC Calendar for information on this and other events.

October 13, 2010

"CWE/SANS Top 25" Keynote Presentation at Software Test Professionals Conference 2010, October 21

CAPEC/CWE Program Manager Robert A. Martin will give a keynote presentation about the CWE/SANS Top 25 List entitled "2010's Top 25 Most Dangerous Application Security Weaknesses" at Software Test Professionals Conference & Expo 2010 on October 21, 2010 in Las Vegas, Nevada, USA. Attendees will learn the 25 Most Dangerous Programming Software Errors, what they can do as a tester to determine and identify these potential vulnerabilities, and how to help create test cases to address them. CAPEC and its relationship to the Top 25 will also be mentioned.

Visit the CAPEC Calendar for information on this and other events.

MAEC and Software Assurance Briefing at CSI Annual Conference, October 28

CAPEC/CWE Program Manager Robert A. Martin will present a briefing about Software Assurance and the Malware Attribute Enumeration and Characterization (MAEC) Initiative at CSI Annual Conference on October 28, 2010 in National Harbor, Maryland, USA.

Visit the CAPEC Calendar for information on this and other events.

Software Assurance Panel at SIGAda Conference 2010, October 28

Director for Software Assurance at U.S. Department of Homeland Security (DHS) National Cyber Security Division (NCSD), Joe Jarzombek, will chair a discussion panel that includes CAPEC/CWE Program Manager Robert A. Martin and CAPEC/CWE Co-Founder and Architect Sean Barnum entitled "Mitigating Risks to the Enterprise via Software Assurance" at SIGAda Conference 2010 on October 28, 2010 in Fair Lakes, Virginia, USA. NCSD is the sponsor of CAPEC, CWE, and MAEC.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/MAEC and Making Security Measurable Briefings at DHS/DoD/NIST SwA Forum

CAPEC/CWE Co-Founder and Architect Sean Barnum presented a briefing about CAPEC, CWE/CAPEC Program Manager Robert A. Martin presented briefings about CWE and Making Security Measurable, and MAEC Program Manager Penny Chase presented a briefing about MAEC to the DHS/DoD/NIST SwA Forum on September 27-October 1, 2010 at the U.S. National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC Briefing and Making Security Measurable Booth at IT Security Automation Conference 2010

CAPEC/CWE Co-Founder and Architect Sean Barnum presented a briefing about CAPEC at the U.S. National Institute of Standards and Technology's (NIST) 6th Annual IT Security Automation Conference on September 27-29, 2010 in Baltimore, Maryland, USA.

In addition, MITRE hosted a CAPEC/Making Security Measurable booth and presented briefings and/or participated on discussion panels about the Making Security Measurable, CWE, MAEC, CVE, CCE, CPE, OVAL, XCCDF, CVSS, ARF, and CEE efforts.

Visit the CAPEC Calendar for information on this and other events.

Discussion Panel and Making Security Measurable Booth at HSNI 2010

MITRE participated in a SCAP Panel Discussion about CVE, CCE, CPE, OVAL, XCCDF, and OCIL, and hosted a Making Security Measurable table booth, at Homeland Security for Networked Industries (HSNI) 2010 Conference and Expo on September 20-21, 2010 in Washington, D.C., USA.

Visit the CAPEC Calendar for information on this and other events.

September 2, 2010

CAPEC Briefing and Making Security Measurable Booth at IT Security Automation Conference 2010, September 27-29

CAPEC/CWE Co-Founder and Architect Sean Barnum will present a briefing about CAPEC at the U.S. National Institute of Standards and Technology's (NIST) 6th Annual IT Security Automation Conference on September 27-29, 2010 in Baltimore, Maryland, USA.

In addition, MITRE will host a CAPEC/Making Security Measurable booth and present briefings and/or participate on discussion panels about the Making Security Measurable, CWE, MAEC, CVE, CCE, CPE, OVAL, XCCDF, CVSS, ARF, and CEE efforts.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/MAEC and Making Security Measurable Briefings at DHS/DoD/NIST SwA Forum, September 27-October 1

CAPEC/CWE Co-Founder and Architect Sean Barnum is scheduled to present a briefing about CAPEC, CWE/CAPEC Program Manager Robert A. Martin is scheduled to present briefings about CWE and Making Security Measurable, and MAEC Program Manager Penny Chase will present a briefing about MAEC to the DHS/DoD/NIST SwA Forum on September 27-October 1, 2010 at the U.S. National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland, USA.

Visit the CAPEC Calendar for information on this and other events.

Discussion Panel and Making Security Measurable Booth at HSNI 2010, September 20-21

MITRE will participate in a SCAP Panel Discussion about CVE, CCE, CPE, OVAL, XCCDF, and OCIL, and host a Making Security Measurable table booth, at Homeland Security for Networked Industries (HSNI) 2010 Conference and Expo on September 20-21, 2010 in Washington, D.C., USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/MAEC and Making Security Measurable Briefing at GFIRST National Conference

CAPEC, CWE, MAEC, and Making Security Measurable were key parts of a briefing entitled "Software Assurance: Mitigating Risks to Improve Incident Management" presented at the 6th Annual GFIRST National Conference in San Antonio, Texas, USA, on August 17, 2010 by Director for Software Assurance at DHS NCSD, Joe Jarzombek, Deputy Operations Manager at US-CERT, Thomas Millar, CWE/CAPEC Program Manager Robert A. Martin, and CAPEC/CWE Co-Founder and Architect Sean Barnum. The conference itself ran August 15-20.

Visit the CAPEC Calendar for information on this and other events.

August 12, 2010

CAPEC/CWE/MAEC and Making Security Measurable Briefing at GFIRST National Conference

CAPEC, CWE, MAEC, and Making Security Measurable are key parts of a briefing entitled "Software Assurance: Mitigating Risks to Improve Incident Management" scheduled to be presented at the 6th Annual GFIRST National Conference in San Antonio, Texas, USA, on August 17, 2010 by Director for Software Assurance at DHS NCSD, Joe Jarzombek, Deputy Operations Manager at US-CERT, Thomas Millar, CWE/CAPEC Program Manager Robert A. Martin, and CAPEC/CWE Co-Founder and Architect Sean Barnum. The conference itself runs August 15-20.

Visit the CAPEC Calendar for information on this and other events.

CAPEC Briefing at DefCon 18

CAPEC/CWE Co-Founder and Architect Sean Barnum presented a briefing about CAPEC at DefCon 18 on August 1, 2010 at the Riviera Hotel and Casino in Las Vegas, Nevada, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/Making Security Measurable Booth at Black Hat Briefings 2010

CAPEC participated in a Making Security Measurable booth at Black Hat Briefings 2010 on July 28-29, 2010 at Caesars Palace Las Vegas in Las Vegas, Nevada, USA. Attendees learned how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Visit the CAPEC Calendar for information on this and other events.

July 23, 2010

CAPEC/Making Security Measurable Booth at Black Hat Briefings 2010, July 28-29

CAPEC is scheduled to participate in a Making Security Measurable booth at Black Hat Briefings 2010 on July 28-29, 2010 at Caesars Palace Las Vegas in Las Vegas, Nevada, USA.

Stop by Booth 65 and learn how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Visit the CAPEC Calendar for information on this and other events.

CAPEC Briefing at DefCon 18, August 1

Members of the CAPEC/CWE community will present a briefing about CAPEC at DefCon 18 on August 1, 2010 at the Riviera Hotel and Casino in Las Vegas, Nevada, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/MAEC Briefings at DHS/DoD SwA Working Group Meeting Session

CAPEC/CWE Co-Founder and Architect Sean Barnum presented a briefing about CAPEC, CWE Team Member Conor Harris presented a briefing about CWE, MAEC Program Manager Penny Chase presented a briefing about MAEC, CWE Technical Lead Steve Christey presented a briefing about the Common Weakness Scoring System (CWSS) and Pocket Guides, and CWE/CAPEC Program Manager Robert A. Martin presented a briefing about Software Assurance Automation Protocol (SwAAP) at the DHS/DoD SwA Working Group Meeting Session on June 21-23, 2010 in Ballston, Virginia, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/MAEC Briefings at Security Automation Developer Days 2010

CWE/CAPEC Co-Founder and Architect Sean Barnum presented CWE and CAPEC briefings and MAEC Program Manager Penny Chase presented a briefing about MAEC at MITRE's Security Automation Developer Days 2010 on June 16, 2010 at MITRE in Bedford, Massachusetts, USA.

The main purpose of the three-day conference, held June 14-16, was for the information security community to discuss current and emerging Security Content Automation Protocol (SCAP) standards in technical detail and to derive solutions that benefit all concerned parties.

Visit the CAPEC Calendar for information on this and other events.

Making Security Measurable Briefing at Seventh Biennial Multinational Operations Conference

CAPEC/CWE Co-Founder and Architect Sean Barnum presented a briefing about Making Security Measurable at the Seventh Biennial Multinational Operations Conference held at MITRE in McLean, Virginia, USA on June 2-3, 2010.

Visit the CAPEC Calendar for information on this and other events.

May 18, 2010

MITRE Hosts Making Security Measurable Booth at InfoSec World 2010

MITRE hosted a Making Security Measurable booth at MIS Training Institute's (MISTI) InfoSec World Conference & Expo 2010 at the Disney Coronado Springs Resort, in Orlando, Florida, USA, on April 19-21, 2010. Attendees learned how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE Panel Discussion at SOURCE Boston Conference

CAPEC/CWE Program Manager Robert A. Martin and CAPEC/CWE Technical Lead Steve Christey participated on a CAPEC/CWE panel discussion, and Christey presented a briefing about Common Weakness Enumeration (CWE), at SOURCE Boston Conference on April 21-23, 2010 in Boston, Massachusetts, USA.

Visit the CAPEC Calendar for information on this and other events.

April 2, 2010

CAPEC List Version 1.5 Now Available

CAPEC Version 1.5 has been posted on the CAPEC List page. A detailed report is available that lists specific changes between Version 1.4 and Version 1.5.

Changes for the new release include: 24 new attack patterns, 34 existing attack patterns modified with enhanced material, and 1 attack pattern deprecated; 1 new view added, CAPEC-View-333 - WASC Threat Classification 2.0; 64 CAPEC-to-CWE mappings added; and 1 CAPEC-to-CAPEC mapping added and 3 CAPEC-to-CAPEC mappings removed.

Comments are welcome on the CAPEC Researcher email discussion list. Future updates will be noted here and on the CAPEC Researcher list.

MITRE to Host "Making Security Measurable" Booth at InfoSec World 2010, April 19-21

MITRE is scheduled to host a Making Security Measurable booth at MIS Training Institute's (MISTI) InfoSec World Conference & Expo 2010 at the Disney Coronado Springs Resort, in Orlando, Florida, USA, on April 19-21, 2010. Please stop by booth 319 and say hello!

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE Briefing and Panel Discussion at SOURCE Boston Conference, April 21-23

CAPEC/CWE Program Manager Robert A. Martin and CAPEC/CWE Technical Lead Steve Christey are scheduled to participate on a CAPEC/CWE panel discussion, and Christey is scheduled to present a briefing about Common Weakness Enumeration (CWE), at SOURCE Boston Conference on April 21-23, 2010 in Boston, Massachusetts, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE Briefing at GovSec/FOSE

CAPEC/CWE Program Manager Robert A. Martin presented a briefing about CAPEC and Common Weakness Enumeration (CWE) at GovSec/FOSE on March 23-24, 2010 in Washington, D.C., USA.

Visit the CAPEC Calendar for information on this and other events.

March 18, 2010

MITRE Hosts Making Security Measurable Booth at RSA 2010

MITRE hosted a Making Security Measurable booth at RSA 2010 at the Moscone Center in San Francisco, California, USA, on March 1-5, 2010. Attendees learned how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Visit the CAPEC Calendar for information on this and other events.

MITRE Presents Making Security Measurable Briefing at DHS/DoD/NIST SwA Forum

CAPEC/CWE Program Manager Robert A. Martin presented a briefing about Making Security Measurable at the DHS/DoD/NIST SwA Forum on March 9-12, 2010. The event was hosted at MITRE Corporation in McLean, Virginia, USA.

Visit the CAPEC Calendar for information on this and other events.

February 10, 2010

MITRE to Host Making Security Measurable Booth at RSA 2010, March 1-5

MITRE is scheduled to host a Making Security Measurable booth at RSA 2010 at the Moscone Center in San Francisco, California, USA, on March 1-5, 2010. Please stop by Booth 2617 and say hello!

Visit the CAPEC Calendar for information on this and other events.

MITRE to Present Making Security Measurable Briefing at DHS/DoD/NIST SwA Forum, March 9-12

CAPEC/CWE Program Manager Robert A. Martin is scheduled to present a briefing about Making Security Measurable to the DHS/DoD/NIST SwA Forum on March 9-12, 2010 at MITRE Corporation in McLean, Virginia, USA.

Visit the CAPEC Calendar for information on this and other events.

MITRE Hosts Making Security Measurable Booth at the 2010 Information Assurance Symposium

MITRE hosted a Making Security Measurable booth at the 2010 Information Assurance Symposium in Nashville, Tennessee, USA, on February 2-5, 2010. The symposium is designed to bring together industry, government, and military information assurance professionals with "the latest Information Assurance (IA) products and solutions available to secure voice and data networks."

Visit the CAPEC Calendar for information on this and other events.

January 19, 2010

MITRE Announces Initial "Making Security Measurable" Calendar of Events for 2010

MITRE has announced its initial Making Security Measurable calendar of events for 2010. Details regarding MITRE's scheduled participation at these events are noted on the CAPEC Calendar page. Each listing includes the event name with URL, date of the event, location, and a description of our activity at the event.

Other events may be added throughout the year. Visit the CAPEC Calendar for information or contact capec@mitre.org to have MITRE present a briefing or participate in a panel discussion about CAPEC, CWE, CVE, CCE, CPE, CEE, MAEC, OVAL, and/or Making Security Measurable.

MITRE's New "Malware Attribute Enumeration and Characterization" Standardization Effort Leverages CAPEC and CWE

Malware Attribute Enumeration and Characterization (MAEC™) is a community initiative to create a standardized language for encoding and communicating high-fidelity information about malware based upon attributes such as behaviors, artifacts, and attack patterns. MAEC leverages the CAPEC and Common Weakness Enumeration (CWE™) standards as part of its approach to describing malware.

MAEC will make use of CAPEC for describing the relevant attack patterns associated with the high-level malware taxonomy, such as those dealing with network reconnaissance, propagation, insertion, and command and control. MAEC's usage of CAPEC will allow for such behaviors to be defined through an industry standard attack pattern enumeration, thus ensuring that the attacker's perspective in implementing these behaviors is properly represented. If it is determined that a malware instance exploits a particular software weakness, MAEC will link to its corresponding CWE Entry. This linkage will allow for the generation of statistics with regard to the most common types of weaknesses being exploited by malware, thereby highlighting the areas where better security-oriented coding practices need to be implemented.

Please visit the MAEC Web site to learn more or join the effort.

CAPEC/CWE and MAEC Briefings at DHS/DoD SwA Working Group Meeting Session

CAPEC/CWE Program Manager Robert A. Martin presented a briefing about CAPEC/CWE and MAEC Program Manager Penny Chase presented a briefing about MAEC at the DHS/DoD SwA Working Group Meeting Session on December 15-17, 2009 at MITRE Corporation in McLean, Virginia, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/MAEC Briefing at Cyber Security for National Defense Summit

CAPEC/CWE Program Manager Robert A. Martin presented a briefing about CAPEC/CWE/MAEC at IDGA's Cyber Security for National Defense Summit on November 16-18, 2009 in Washington, D.C., USA.

Visit the CAPEC Calendar for information on this and other events.

Security Automation Is Main Focus of DoD's IAnewsletter

"Security Automation: A New Approach to Managing and Protecting Critical Information" is the main topic of the Winter 2010 issue of the Department of Defense's (DoD) Information Assurance Technology Analysis Center's (IATAC) IAnewsletter.

According to the newsletter, a security automation strategy will enable automation of "many security and configuration management, compliance, and network defense functions and give our [DoD] system administrators and network defenders a chance to succeed." Specific article topics include: An Introduction to Security Automation; Security Automation: A New Approach to Managing and Protecting Critical Information; Security Content Automation Protocol; Secure Configuration Management (SCM); DoD Activities Underway to Mature SCAP Standards; Why Industry Needs Federal Government Leadership to Gain the Benefits of Security Automation; and Practicing Standards-Based Security Assessment and Management.

In addition, MITRE's CVE, CCE, CPE, and OVAL information assurance data standards are mentioned throughout the issue, especially with regard to how they are utilized by the National Institute of Standards and Technology's (NIST) Security Content Automation Protocol (SCAP) to help enable automated, standards-based security assessment and management.

The newsletter is free to download from the IATAC Web site.


Page Last Updated or Reviewed: August 01, 2017