(Press-News.org) It's increasingly difficult to keep up with all the vulnerabilities present in today's highly complex operating systems and applications. Attackers constantly search for and exploit these vulnerabilities to commit identity fraud, intellectual property theft and other attacks. The National Institute of Standards and Technology (NIST) has released two updated publications that help organizations to find and manage vulnerabilities more effectively, by standardizing the way vulnerabilities are identified, prioritized and reported.
Computer security departments work behind the scenes at government agencies and other organizations to keep computers and networks secure. A valuable tool for them is security automation software that uses NIST's Security Content Automation Protocol (SCAP). Software based on SCAP can be used to automatically check individual computers to see if they have any known vulnerabilities and if they have the appropriate security configuration settings and patches in place. Security problems can be identified quickly and accurately, allowing them to be resolved before hackers can exploit them.
The first publication, The Technical Specifications for the Security Content Automation Protocol (SCAP) Version 1.1 (NIST Special Publication (SP) 800-126 Revision 1), refines the protocol's requirements from the SCAP 1.0 version. SCAP itself is a suite of specifications for standardizing the format and nomenclature by which security software communicates to assess software flaws, security configurations and software inventories.
SP 800-126 Rev. 1 tightens the requirements of the individual specifications in the suite to support SCAP's functionality and ensure interoperability between SCAP tools. It also adds a new specification—the Open Checklist Interactive Language (OCIL)—that allows security experts to gather information that is not accessible by automated means. For example, OCIL could be used to ask users about their recent security awareness training or to prompt a system administrator to review security settings only available through a proprietary graphical user interface. Additionally, SCAP 1.1 calls for the use of the 5.8 version of the Open Vulnerability and Assessment Language (OVAL).
NIST and others provide publicly accessible repositories of security information and standard security configurations in SCAP formats, which can be downloaded and used by any tool that complies with the SCAP protocol. For example, the NIST-run National Vulnerability Database (NVD) provides a unique identifier for each reported software vulnerability, an analysis of its potential damage and a severity score. The NVD has grown from 6,000 listings in 2002 to about 46,000 in early 2011. It is updated daily.
The second document, Guide to Using Vulnerability Naming Schemes (Special Publication 800-51 Revision 1), provides recommendations for naming schemes used in SCAP. Before these schemes were standardized, different organizations referred to vulnerabilities in different ways, which created confusion. These naming schemes "enable better synthesis of information about software vulnerabilities and misconfigurations," explained co-author David Waltermire, which minimizes confusion and can lead to faster security fixes. The Common Vulnerabilities and Exposures (CVE) scheme identifies software flaws; the Common Configuration Enumeration (CCE) scheme classifies configuration issues.
SP 800-51 Rev. 1 provides an introduction to both naming schemes and makes recommendations for using them. It also suggests how software and service vendors should use the vulnerability names and naming schemes in their products and service offerings.
These new publications can be downloaded from the NIST website. The Technical Specifications for the Security Content Automation Protocol (SCAP) Version 1.1 (NIST Special Publication 800-126 Revision 1) can be found at http://csrc.nist.gov/publications/nistpubs/800-126-rev1/SP800-126r1.pdf. The Guide to Using Vulnerability Naming Schemes (Special Publication 800-51 Revision 1) can be found at http://csrc.nist.gov/publications/nistpubs/800-51-rev1/SP800-51rev1.pdf.
2 new SCAP documents help improve automating computer security management
2011-03-18