Standardization and Interoperability in Security
Posted in Aneesh Chopra, CCE, CPE, CVE, CVSS, Cloud Computing, IDS, Management, Metrics, NCP, NIST, OVAL, Policies, Risk, SCAP, Vulnerability, XCCDF on Aug 9th, 2009
“While the NSA has a great red-team (think pen-test) capability, they had a major change of heart and realized, like the rest of the security world (*cough* Ranum *cough*), that while attacking is fun, it isn’t very productive at defending your systems – there is much more work to be done for the defenders, and [...]
