Re: [Full-disclosure] Project Chroma: A color code for the state ofcyber security



By the way, I also noticed that the new site for your project has the
current threat level as yellow. Is it safe to assume that you've already got
your metric systems in place and running?

On Sun, Nov 30, 2008 at 9:41 PM, Mike C <mike.cartall@xxxxxxxxx> wrote:

Yes,

The project Chroma leads know of various efforts. But these are either
vendor specific, or old and unstandardized. Project Chroma aims to be
very active, and will look to interact with security vendors to
implement the color codes in security products.

--
MC
Security Researcher
Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/


On Sun, Nov 30, 2008 at 6:28 PM, Tomas L. Byrnes <tomb@xxxxxxxxxxx> wrote:
The SANS Internet Storm Center has been doing this for ages.

It has the advantage of being data driven, using the DShield reports as
a primary sensor mechanism.

http://isc.sans.org/



-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-
bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Mike C
Sent: Saturday, November 29, 2008 9:35 PM
To: Full Disclosure
Subject: [Full-disclosure] Project Chroma: A color code for the state
ofcyber security

Hi,

It is time to take an example from Homeland Security and define codes
of color for cyber-warfare threat levels. I propose the following:

Green level: There is negligible threat to online security.
Yellow level : There is a minimal level of threat, and this must be
monitored and contained.
Orange level: This level of threat indicates there are parties who are
actively engaging in cyber-warfare. Caution is required when online.
Red level: This level indicates a full blown cyber-war. It indicates
very high probability of all communications being intercepted.

While homeland security's implementation does not seem to have a real
world merit, such a threat level would certainly be very useful in the
online security realm. Please disseminate this announcement of the
project Chroma levels for online security. The immediate mission of
the project is to be picked up by the antivirus and security tools
vendors, so as to add the color codes to their products and provide
users with a tangible measure of their online security.

Current status: Threat level Yellow.

--
MC
Security Researcher
Lead, Project Chroma.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages