If you are wondering where the data of this site comes from, please visit https://api.github.com/users/santosomar/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Omar Santos | santosomar | United States | https://omarsantos.io

Cybersecurity nerd with a passion for advanced attacks, vulnerability management, threat intelligence, and security research.

santosomar/awesome-threat-intelligence 21

A curated list of Awesome Threat Intelligence resources

santosomar/awesome 6

:sunglasses: Curated list of awesome lists

santosomar/art-of-hacking 5

This repository includes supplemental information covered in the Pearson video course titled "The Art of Hacking and Exploitation".

santosomar/awesome-security 5

A collection of awesome software, libraries, documents, books, resources and cool stuff about security.

santosomar/awesome-web-security 5

🐶 A curated list of Web Security materials and resources.

santosomar/awesome-docker 4

:whale: A curated list of Docker resources and projects

santosomar/awesome-incident-response 4

A curated list of tools for incident response

santosomar/awesome-malware-analysis 4

A curated list of awesome malware analysis tools and resources

santosomar/awesome-python 4

A curated list of awesome Python frameworks, libraries, software and resources

chris-mccoy/internet-locks 2

Internet Enabled Locks

started micromdm/scep

started time in 2 hours

issue opened oasis-tcs/csaf

As a consumer I want every CSAF document to be a security advisory - let us make a real version 2.0!

Although we enhanced the content model a lot (looking back to version 1.2) there is still this itch I really want to scratch at:

For CSAF like with other formats (eg. SARIF) the minimal valid document is ... an absolutely useless one.

What is an advisory not containing at least wun object and wun relation to a vulnerability? Seriously:

What would our parents and children think of us if they knew what we are doing here: Standardizing per hundred(s) pages rules for advisories, that allow those advisories to contain and provide essentially ... nothing?

So, over the next days and weeks, I will propose an augmented baseline for being a valid CSAF document and I invite all members, esp. from organizations actually producing or consuming security advisories in production, to support me in that final attempt of defining such a minimal document content that is worth being called a minimal viable product (MVP).

Currently, what we minimally allow is not an MVP, or is it?

Trying to identify such additional mandatory elements, I find it encouraging, that important use cases for issuing and processing a security advisory can be those, where not much is actually known. Essentially a heads up, important nevertheless. Typically not for every product it is known from news of a vulnerability discovery, if this product is affected by that vulnerability and if so, what measures can be advised. But, we can issue advisories of value to consumers, informing the product users, that there are known unknowns. Like, not yet knowing if that product is affected by this vulnerability or not in an initial version of the advisory.

In my world being actionable is the most important attribute of anything claiming to be advice.

This should be doable for CSAF. Valid advice for me includes (in version 1):

That 👉🏽 plant 🌱 may be infected with mites 🦠 we are investigating ...

Then version 2 issued after inspection:

That 👉🏽 plant 🌱 is infected with mites 🦠 working on mitigations ...

... and so on, simple like that (maybe neither for the plant nor the mites though).

Basically, I think that

if creating the next level above a meta data only CSAF document is high in the sky, then there is something wrong with the format or model

In that case, we should IMO consider why and if this is good. My feeling is, that if one needs to fill many more fields to go from zero to wun this is wrong and may hamper adoption.

So, if this is the case, we should correct that and provide with version 2.0 (which already signals per semantic versioning breaking changes).

Am I pathetic 👴🏽 or does that make sense? I sincerely hope the latter and

... am possibly sorry for the Saturday Morning version of the pwnd international english language used to create this call to action. — Caveat emptor: I borrowed the term wun (meaning 1) from Douglas Crockford without asking for permission and hope for forgiveness.

created time in 3 hours

issue comment oasis-tcs/csaf

Alphabetical order of properties

@tschmidtb51 very helpful. Looking forward to the PR, as merging this before I inject the conformance targets and their anchors/hooks because then the members can more easily separate formal changes (ordering) from content changes (conformance targets on roles).

tschmidtb51

comment created time in 4 hours

issue opened oasis-tcs/csaf

Alphabetical order of properties

During the process, we mixed up the order of the properties in the JSON schema. I suggest to rearrange them in alphabetical order. The JSON key words will still be in the order of https://github.com/oasis-tcs/csaf/issues/110#issuecomment-689148217.

    _$comment (to be removed before publication)_
    title
    description
    type / $ref
    default
    enum
    format
    pattern
    maxLength
    minLength
    maxItems
    minItems
    maxProperties
    minProperties
    required
    uniqueItems
    properties
    items
    examples

created time in 14 hours

issue comment oasis-tcs/csaf

Reference parser implementation of CSAF

Hi @adulau, one reference implementation would be any jsonschema parser that can parse the jsonschema version we use (currently draft 7). But, this validates of course mainly the shape (overall and per values). I am considering to provide a candidate for a more considerate parser module to the TC and the wider community, that adds constraints not enforceable per JSON schema. And this I assume will not be the only one.

The TC members will be more than happy to support interfacing with e.g. MISP and other community projects. We will update this issue to communicate available tools.

Hope this helps and thank you very much for the inquiry, much appreciated.

adulau

comment created time in 17 hours

started kamranahmedse/git-standup

started time in a day

started nestybox/sysbox

started time in 2 days

fork hslatman/sftpgo

Fully featured and highly configurable SFTP server with optional FTP/S and WebDAV support - S3, Google Cloud Storage, Azure Blob

fork in 2 days

issue opened oasis-tcs/csaf

Reference parser implementation of CSAF

Is there any reference implementation of CSAF? Such as a Python library or alike? Thank you very much

created time in 2 days

started SigmaHQ/sigma

started time in 2 days

started prometheus/client_golang

started time in 2 days

started microsoft/Web-Dev-For-Beginners

started time in 3 days

started pyroscope-io/pyroscope

started time in 3 days

issue comment oasis-tcs/csaf

Vulnerability Remediations - Hotfix Mitigation

Thanks for clarifying how we could leverage the existing structure-- I think that's an acceptable resolution to what I was suggesting, once hashes can be included.

tschmidtb51

comment created time in 4 days

pull request comment oasis-tcs/csaf

Unique product ids

@mprpic and @santosomar, please see my assessment in the linked issue. This is a small scope and suggest we merge and include in the next revision of the draft explicitly listing the fix. Will merge this PR tomorrow 1700 UTC if no one objects until then. Thanks.

tschmidtb51

comment created time in 4 days

issue comment oasis-tcs/csaf

Unique Product IDs in Product groups

I consider this a consistency bug and merely editorial to fix. Will request accordingly in corresponding PR

tschmidtb51

comment created time in 4 days

PR opened oasis-tcs/csaf

Unique product ids

  • resolves #189
  • add "uniqueItems" to the definition
  • change prose to reflect schema

+2 -1

0 comment

2 changed files

pr created time in 4 days

issue opened oasis-tcs/csaf

Unique Product IDs in Product groups

Currently, it is allowed to have the same product_id twice in the list of product_ids in one product group element. See example below:

    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-0001",
          "CSAFPID-0001"
        ]
      }
    ]

However, this violates the rule CSAF-5.1.4.1.2-1. Therefore, I suggest to add a "uniqueItems": true.

created time in 4 days

started DATA-DOG/go-sqlmock

started time in 4 days

started influxdata/influxdb

started time in 4 days

started argoproj/argo-workflows

started time in 4 days

started shirou/gopsutil

started time in 4 days

started allinurl/goaccess

started time in 4 days

started greenpau/caddy-auth-portal

started time in 5 days

started DigitalOnUs/VaultAIDE

started time in 5 days

started jopohl/urh

started time in 5 days

started santosomar/virtualseccons

started time in 5 days

started santosomar/virtualseccons

started time in 5 days

fork vhumint/virtualseccons

An ongoing list of virtual cybersecurity conferences.

fork in 6 days

started santosomar/virtualseccons

started time in 6 days