About Us Our Work Employment News & Events
MITRE Remote Access for MITRE Staff and Partners Site Map
Our Work
Overview
Mission Areas
Systems Engineering
Information Technology
MITRE Research Program
MITRE Federal Employee Fellowship Program
Technology Transfer Office
Technical Papers

Follow Us:
Visit MITRE on Facebook
Visit MITRE on Twitter
Visit MITRE on Linkedin
Visit MITRE on YouTube
View MITRE's RSS Feeds
View MITRE's Mobile Apps
Home > Our Work > Technical Papers >

The State of Security Automation Standards - 2011

November 2011

Gerard T. McGuire, The MITRE Corporation

ABSTRACT

Security automation standards sponsored by the U.S. Government have evolved significantly in the decade since MITRE created and released the Common Vulnerabilities and Exposures (CVE) dictionary. There are now more than two dozen individual standards in use or under development supporting a wide range of security information and functionality. These standards are supported by a variety of sponsors and governance models as well as an ever-growing community of developers, implementers, and users.

Reflective of a growing community, the attendance at NIST's Security Automation Conference has continued to grow over the past several years. The more mature of the standards have been incorporated into hundreds of tools and CVE has become virtually ubiquitous in its subject area. Given the ever-increasing community of adopters, implementers, and contributors, it is clear that the overall security automation effort has been highly successful thus far, and its capabilities and interest in those capabilities continue to grow.

This paper seeks to provide an overview of all the components in security automation as of August 2011.

View/Download Document

Additional Search Keywords

software assurance, security automation standards, Common Vulnerabilities and Exposures, CVEs, NIST Security Automation Conference, National Institute of Standards and Technology, Security Content Automation Protocol, SCAP, Open Vulnerability and Assessment Language, OPAL

 

Page last updated: January 6, 2012   |   Top of page

Homeland Security Center Center for Enterprise Modernization Command, Control, Communications and Intelligence Center Center for Advanced Aviation System Development

 
 
 

Solutions That Make a Difference.®
Copyright © 1997-2013, The MITRE Corporation. All rights reserved.
MITRE is a registered trademark of The MITRE Corporation.
Material on this site may be copied and distributed with permission only.
IDG's Computerworld Names MITRE a "Best Place to Work in IT" for Eighth Straight Year The Boston Globe Ranks MITRE Number 6 Top Place to Work Fast Company Names MITRE One of the "World's 50 Most Innovative Companies"
 

Privacy Policy | Contact Us