The US Department of Homeland Security’s Software Assurance Enumerations

Expo Theatre (Hall G) October 22, 2013

David Maxwell

The benefits of CVE, CWE, MAEC, CWSS, CAPEC, STIX and TAXII can often be at work without the user's knowledge. Learn how these standards are working behind the scenes, and how you can use them to support information sharing and gain an advantage from crowd-sourced security information. Prior to 1999, software vulnerabilities were not widely discussed, tracked, correlated, or patched. The Common Vulnerabilities and Exposures list (CVE) was the first to unify such information and provided a key component for talking about software vulnerabilities generically. CVE enjoys broad adoption today, and has achieved de facto standard status. The U.S. Department of Homeland Security (DHS) continues to promote development of additional resources; although these related efforts are less widely known, they can play a role in your security product or service, or benefit you as an end user. This talk will provide an overview of how these standards interact in daily security operations, and show demonstrations of automated security information sharing using these standards.