[Owasp-austin] Security Models, Security Databases, KPAC(sp?)

Matt Tesauro mtesauro at gmail.com
Fri Aug 28 13:48:27 EDT 2009

They were probably referring to CAPEC.

CVE, CWE and CAPEC are good stuff from Mitre.  

Speaking of CVE, CWE and CAPEC, you might want to glance at:
Tracking the Progress of an SDL (Security Development Lifecycle) Program
- Lessons From the Gym
Cassio Goldschmidt, Symantec Corp

That presentation was just given at AppSec Academia at UC Irvine and
covered some interesting uses of those for security metrics.

Link about the conference:

Presentation recording:

Audio only:

I'm pretty sure I have the ppt if you're interested - just let me know.

-- Matt Tesauro
OWASP Live CD Project Lead
http://AppSecLive.org - Community and Download Site 

On Tue, 2009-08-25 at 13:54 -0500, travis+ml-owasp at subspacefield.org
> For those who are interested in Bell-La Padula and other security models, I did a brief
> search and cataloged the ones that I found in a section in my book:
> http://www.subspacefield.org/security/security_concepts/index.html#tth_sEc3
> I'm also trying to locate all the relevant databases of things like CVE, CWE, etc.
> Right now I've dumped them into a section of my book that really needs some
> reorganization, but they're here:
> http://www.subspacefield.org/security/security_concepts/index.html#tth_sEc33
> One person mentioned something that sounded like KPAC, and from what I gathered,
> was some kind of database of attack patterns...  does anyone have more information
> on this?