RE: [Fed-Talk] IAVMs
RE: [Fed-Talk] IAVMs
- Subject: RE: [Fed-Talk] IAVMs
- From: "Traynor, Paul I" <email@hidden>
- Date: Thu, 10 Dec 2009 01:05:33 -0600
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] IAVMs
What Joel said, but not just CVE number – the vulnerabilities are typically published via dotmil AND commercial/non-gov sources. I receive the dotmil IAVAs
through our Program Protection folks, and I additionally get the SANS.org weekly notices to anticipate/plan ahead – SANS posts findings even before there are CVE numbers assigned in many cases, and one or both clearly lists something along the lines of “versions
of product x.y prior to x.y.z” for every vulnerability (not just MacOS, but ALL). The real answer is continual and “religious” research/follow-up (not a great answer, but honest…)
R, PT
From: fed-talk-bounces+paul.i.traynor=email@hidden [mailto:fed-talk-bounces+paul.i.traynor=email@hidden]
On Behalf Of Joel Esler
Sent: Wednesday, December 09, 2009 6:23 PM
To: Miller, William E. CONTRACTOR
Cc: email@hidden
Subject: Re: [Fed-Talk] IAVMs
On Wed, Dec 9, 2009 at 4:39 PM, Miller, William E. CONTRACTOR <email@hidden> wrote:
What's the best way to map a IAVM vulnerability to Apple's Security Updates?
I've been going to DISA's website and searching there, but can't always
track the IAVA to Apple's security updates.
Thanks!
Probably through CVE number. Do IAVA's have CVE numbers listed on them (it's been a few years since I've dealt with an IAVA).
--
Joel Esler | 302-223-5974 | gtalk: email@hidden
|
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden