Re: computer/vulnerability database

Jerry, I'm not sure if this is what you're looking for (as I didn't
really grasp your question) but OpenFISMA may apply. It's targeted at
a US Govt Federal audience but it's concepts may be very applicable
for you regardless. OpenFISMA is what an organization would use to
keep track of their vulnerabilities and how they're addressing the
issues AFTER they have already been identified.

Matt Z

On Fri, Jan 9, 2009 at 8:01 AM, Shenk, Jerry A
<jshenk@xxxxxxxxxxxxxxxxxxxx> wrote:
Does anybody have any thoughts about a database for an audit to contain
current vulnerability issues and subsequent updates?

I imagine that it should have at least two tables - one table for
computers and another table for vulnerabilities. Obviously, each
computer can have multiple vulnerabilities and it would be nice to be
able to generate a report for each vulnerability. I also think it would
be good to have the ability to note when vulnerabilities are resolved as
an additional note.

This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of D&E except to the extent that it relates to their official business.