Date: Fri, 14 Jul 2000 14:20:38 -0700
To: freebsd-security@FreeBSD.ORG
From: Bengt Richter
Subject: RFC for Advisories? (Was Re: Newer/Two kinds of advisories?)
In-Reply-To: <4.3.2.20000714114005.00b67100@207.227.119.2>

There are a lot of RFCs for automated notifications over the internet. Perhaps it would be useful to think of security advisories in this light. FreeBSD SA's provide a reference implementation of content and distribution methodology. Others also distribute advisory information. Sometimes there is useful cross-platform content, even beyond the immediate OS family tree. Establishment of a standard, platform-independent (sectioned to distinguish generic vs platform/version-specific info) format suitable for human skimming and automated processing could have widespread benefits (IMHO).

Ideally, one could visualize logging in and seeing an automatically edited MOTD or additional message something like:

"NOTICE: vulnscand has received and authenticated advisory , and has (per vulnscand.conf auto option) disabled execution of / due to a level 7.2 ('Immediate Action Urgent') vulnerability. Type vulnscan -i for full info."

The RFC should not exclude the possibility of an NT-based vulnscand.exe service whereby possibly seeing something relevant to NT in the security log of the NT event viewer, with automated email to the system administrator.

For those writing cgi for score-keeping web presentation, perhaps a simple numeric scale of seriousness like the earthquake Richter (no relation :) scale would help keep things in perspective.

HTIU (Hope this is useful)

Regards,
Bengt Richter
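
The workflow the message describes (receive a sectioned advisory, authenticate it, check whether it applies to this host, and act automatically above a configured level), as an added example that is not part of the original post or of any existing tool. The section layout, field names, HMAC-SHA256 tag, sample advisory, and the functions `parse_advisory` and `handle` are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample in a hypothetical sectioned format (not an existing standard).
SAMPLE = """\
[generic]
id = EXAMPLE-SA-0001
level = 7.2
[platform:FreeBSD]
versions = 3.5, 4.0
path = /usr/local/bin/exampled
[platform:NT]
versions = 4.0
path = exampled.exe
"""

def parse_advisory(text):
    """Split an advisory into its generic and platform-specific sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
        else:
            raise ValueError("malformed advisory line: %r" % raw)
    return sections

def handle(text, tag, key, platform, version, auto_level):
    """Verify tag (assumed scheme: HMAC-SHA256), then parse; return (action, notice)."""
    expected = hmac.new(key, text.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return "reject", "advisory failed authentication"
    try:
        adv = parse_advisory(text)
        adv_id, level = adv["generic"]["id"], float(adv["generic"]["level"])
        plat = adv.get("platform:" + platform, {})
        affected = [v.strip() for v in plat.get("versions", "").split(",")]
        if version not in affected:
            return "ignore", "advisory %s does not apply to this host" % adv_id
        if level >= auto_level:
            return "disable", ("NOTICE: authenticated advisory %s; disabled execution"
                               " of %s (level %.1f)" % (adv_id, plat["path"], level))
        return "notify", "NOTICE: advisory %s applies (level %.1f)" % (adv_id, level)
    except (KeyError, ValueError) as exc:
        return "reject", "malformed advisory: %s" % exc
```

Nothing is parsed or acted on until the tag verifies, so a tampered level or path cannot trigger or suppress the automatic action.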