A Collection of Information Security Community Standardization Activities and Initiatives
   

Developer Days

MITRE regularly hosts and/or participates in "Developer Days Conferences" designed to bring the community together to discuss information security data standards and how they are used in technical detail and to derive solutions that benefit all concerned parties. Information on upcoming and recent events are noted below.

MITRE’s Developer Days 2013

MITRE Corporation hosted the fifth Developer Days event on July 22-24, 2013, at MITRE in McLean, Virginia, USA. This three-day event was technical in nature and focused on the Open Vulnerability and Assessment Language (OVAL®) effort, remediation, and other security automation topics.

The purpose of the event is for the community to discuss OVAL and other security automation efforts and specifications in technical detail and to derive solutions that benefit all concerned parties. MITRE first hosted Developer Days in 2005 and has been running them annually ever since. The model for these technical exchanges has since been adopted as the format used by the security automation community.

Materials from the event include the following:

IT Security Automation Conference 2012

The 8th Annual IT Security Automation Conference was hosted by the National Institute of Standards and Technology, in conjunction with the Department of Homeland Security, National Security Agency, and Defense Information Systems Agency, on October 3-5, 2012. "Security automation leverages [the CVE®, CCE™, CPE™, OVAL®, OCIL™, XCCDF, ARF, CCSS, and CVSS community] standards and specifications to reduce the complexity and time necessary to manage vulnerabilities, measure security, and ensure compliance, freeing resources to focus on other areas of the IT infrastructure."

For additional information and downloads, visit: https://itsac.g2planet.com/itsac2012/.

MITRE’s Security Automation Developer Days 2012

MITRE Corporation hosted the fourth Security Automation Developer Days conference on July 9-13, 2012, at MITRE in Bedford, Massachusetts, USA. This five-day conference is technical in nature and focuses on the U.S. National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol (SCAP).

The purpose of the event is for the community to discuss SCAP — and the existing standards upon which it is based including Open Vulnerability and Assessment Language (OVAL®), Common Platform Enumeration (CPE™), Common Configuration Enumeration (CCE™), Extensible Configuration Checklist Description Format (XCCDF), and Open Checklist Interactive Language (OCIL) — in technical detail and to derive solutions that benefit all concerned parties. All current and emerging SCAP standards are addressed at this workshop. MITRE first hosted Developer Days in 2005 and has been running them annually ever since. The model for these technical exchanges has since been adopted as the format used by the Security Automation community.

Materials from the event include the following:

IT Security Automation Conference 2011

The 7th Annual IT Security Automation Conference was hosted by the National Institute of Standards and Technology, in conjunction with the Department of Homeland Security, National Security Agency, and Defense Information Systems Agency, on October 31 - November 2, 2011. "Security automation leverages [the CVE®, CCE™, CPE™, OVAL®, XCCDF, and CVSS community] standards and specifications to reduce the complexity and time necessary to manage vulnerabilities, measure security, and ensure compliance, freeing resources to focus on other areas of the IT infrastructure."

For additional information and downloads, visit: http://www.nist.gov/itl/csd/7th-annual-scap-conference.cfm.

MITRE’s Security Automation Developer Days 2011

MITRE Corporation hosted the third Security Automation Developer Days conference on June 14-17, 2011, at MITRE in Bedford, Massachusetts, USA. This four-day conference is technical in nature and focuses on the U.S. National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol (SCAP).

The purpose of the event is for the community to discuss SCAP — and the existing standards upon which it is based including Open Vulnerability and Assessment Language (OVAL®), Common Platform Enumeration (CPE™), Common Configuration Enumeration (CCE™), Extensible Configuration Checklist Description Format (XCCDF), and Open Checklist Interactive Language (OCIL) — in technical detail and to derive solutions that benefit all concerned parties. All current and emerging SCAP standards are addressed at this workshop. MITRE first hosted Developer Days in 2005 and has been running them annually ever since. The model for these technical exchanges has since been adopted as the format used by the Security Automation community.

Materials from the event include the following:

Security Automation Developer Days Spring 2011

The Security Automation Developer Days Spring 2011 conference was held March 22-25, 2011 at National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland, USA.

The purpose of this event was for the community to discuss key security automation-related initiatives including Open Vulnerability and Assessment Language (OVAL®), Extensible Configuration Checklist Description Format (XCCDF), Open Checklist Interactive Language (OCIL), Remediation, and related topics such as Common Platform Enumeration (CPE™) and Common Configuration Enumeration (CCE™), in detail to further the development of these initiatives and to derive solutions that benefit all concerned parties. The conference, hosted by NIST, is a collaborative effort of NIST and the MITRE Corporation.

For additional information and downloads, visit: http://www.nist.gov/itl/csd/sec-automation-developer.cfm.

IT Security Automation Conference 2010

The 6th Annual IT Security Automation Conference was hosted by the National Institute of Standards and Technology, in conjunction with the Department of Homeland Security, National Security Agency, and Defense Information Systems Agency, on September 27-29, 2010. "Security automation leverages [the CVE®, CCE™, CPE™, OVAL®, XCCDF, and CVSS community] standards and specifications to reduce the complexity and time necessary to manage vulnerabilities, measure security, and ensure compliance, freeing resources to focus on other areas of the IT infrastructure."

For additional information and downloads, visit: http://www.nist.gov/itl/csd/2010-scap-conference.cfm.

MITRE’s Security Automation Developer Days 2010

The MITRE Corporation hosted the second Security Automation Developer Days conference on June 14-16, 2010, at MITRE in Bedford, Massachusetts, USA. This three-day conference was technical in nature and focused on the U.S. National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol (SCAP). A brief technical overview of software assurance efforts sponsored by the Department of Homeland Security was also provided on the third day of the conference.

The purpose of the event is for the community to discuss SCAP in technical detail and to derive solutions that benefit all concerned parties. All current and emerging SCAP standards are addressed at this workshop. MITRE first hosted Developer Days in 2005 and has been running them annually ever since. The model for these technical exchanges has since been adopted as the format used by the Security Automation community.

Materials from the event include the following:

Security Automation Developer Days Winter 2010

The Security Automation Developer Days Winter 2010 conference was held February 22-24, 2010 at National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland, USA.

The purpose of this three-day technical event was for the community to discuss key security automation-related initiatives including Common Platform Enumeration (CPE™), Extensible Configuration Checklist Description Format (XCCDF), Remediation, and Digital Trust in detail to further the development of these initiatives and to derive solutions that benefit all concerned parties. The conference, hosted by NIST, was a collaborative effort of the U.S. Department of Defense (DoD), NIST, and the MITRE Corporation.

Materials from the event include the following:

CPE

XCCDF

Remediation

Digital Trust

MITRE’s Security Automation Developer Days 2009

MITRE hosted the first-ever Security Automation Developer Days conference on June 8-12, 2009, at MITRE in Bedford, Massachusetts, USA. The five-day conference was technical in nature and focused on the U.S. National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol (SCAP).

The purpose of the event was for the community to discuss SCAP in technical detail and to derive solutions that benefit all concerned parties. Discussion topics included NIST SP 800-126, SCAP content management, lifecycle, validation, and remediation; OVAL®, XCCDF, emerging specifications, and perceived gaps in standards coverage; ontology; and use cases.

Materials from the event include the following:

Standards-Specific Conferences