The State of Security Automation Standards - 2011
November 2011
Gerard T. McGuire, The MITRE Corporation
ABSTRACT
Security automation standards sponsored by the U.S. Government have evolved significantly in
the decade since MITRE created and released the Common Vulnerabilities and Exposures (CVE)
dictionary. There are now more than two dozen individual standards in use or under development
supporting a wide range of security information and functionality. These standards are supported
by a variety of sponsors and governance models as well as an ever-growing community of
developers, implementers, and users.
Reflective of a growing community, the attendance at NIST's Security Automation Conference
has continued to grow over the past several years. The more mature of the standards have been
incorporated into hundreds of tools and CVE has become virtually ubiquitous in its subject area.
Given the ever-increasing community of adopters, implementers, and contributors, it is clear that
the overall security automation effort has been highly successful thus far, and its capabilities and
interest in those capabilities continue to grow.
This paper seeks to provide an overview of all the components in security automation as of
August 2011.

Additional Search Keywords
software assurance, security automation standards, Common Vulnerabilities and Exposures, CVEs, NIST Security Automation Conference, National Institute of Standards and Technology, Security Content Automation Protocol, SCAP, Open Vulnerability and Assessment Language, OVAL