CEE Announce - September 17, 2008 (opt-in newsletter from the CVE Web site)

Welcome to the latest issue of the CEE-Announce e-newsletter. This
email newsletter is designed to bring recent news about CEE, such as
new versions of the language specifications, upcoming conferences, new
Web site features, etc. right to your emailbox. Common Event
Expression (CEE) standardizes the way computer events are described,
logged, and exchanged. By using CEE's common language and syntax,
enterprise-wide log management, correlation, aggregation, auditing,
and incident handling can be performed more efficiently and produce
better results than was possible prior to CEE. Details on subscribing
(and unsubscribing) to the email newsletter are at the end.

Please feel free to pass this newsletter on to interested colleagues.

Comments: [hidden email]

-------------------------------------------------------
CEE-Announce e-newsletter/September 17, 2008
-------------------------------------------------------

Contents:
1. Feature Story
2. CEE Community Meeting Updates
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing



FEATURE STORY:


CEE Establishes Working Group for Use Cases

CEE has established a CEE Working Group (WG) to document and
prioritize use cases for CEE. When decisions must be made for any
standard, we must rely on the feedback from the supporting community
and the motivating use cases. For CEE, we have a healthy and
continuously expanding community, but need to begin deciding which use
cases CEE will and will not support.


* Use Case WG Objectives

The expected outcome from this WG is a prioritized listing of detailed
use cases divided into three categories:

  1. Use Cases CEE must support
  2. Use Cases CEE may support
  3. Use Cases CEE will not support

The use cases should at least cover the ways in which logs are
currently used (security audits, SIM correlation, compliance
mandates), but may provide some insight into potential future uses.


* WG Organization and Process

WGs are created to investigate and draft one or more documents on a
certain topic. While MITRE will provide a mailing list for each
discussion group to use, it is up to the groups to determine how best
to operate.

Each WG is responsible for choosing a Lead. The Lead will be
responsible for keeping the WG on task and reporting status to the CEE
Editorial Board (http://cee.mitre.org/editorialboard.html) at least on
a quarterly basis.

Once the WG has created a stable document, a draft version will be
made available for public comment. During this period everybody is
welcome to review the draft and submit comments to the WG. The WG will
review all comments, make any necessary revisions, and post the
updated draft for another round of public comment. At least two (2)
drafts must be posted for public review before the document can be
submitted to the CEE Editorial Board. It is ultimately up to the CEE
Editorial Board to decide when a draft document has reached a point of
community consensus, at which point the document will be considered to
be a final version.

Once a final document has been produced, any updates must be approved
by the CEE Editorial Board. In a case where major changes need to be
made, the WG will be reestablished to recommend the necessary updates.



* Join Today!

If you are interested in becoming a part of this working group, please
subscribe to the Use Case WG email list. All use case and WG-related
discussions will be held on this mailing list to minimize the traffic
volumes on the other mailing lists.

To subscribe, open a new email message and copy the following text to
the BODY of the message "SUBSCRIBE CEE-WG-USECASE-List", then send the
message to: [hidden email].

NOTE: The CEE Team will be moderating the registration requests to
this list and will only approve subscriptions for those email
addresses already subscribed to the CEE Community Discussion or CEE
Announce mailing lists.


LINKS:

CEE Working Group main page - http://cee.mitre.org/workinggroup.html

CEE Community Discussion List sign-up page -
http://cee.mitre.org/discussiongroup.html

CEE Announce sign-up page - http://cee.mitre.org/newsletter.html


-------------------------------------------------------------
CEE COMMUNITY MEETING UPDATES

Two meetings were held in August for members and prospective members
of the CEE Community:

(1) The CEE Working Group held a face-to-face meeting held on August
8, 2008 at the Riviera Hotel & Casino, Las Vegas, Nevada, USA with
several members of the CEE community attending have been posted in the
Discussion Archives on the CEE Web site. Review the minutes at
http://www.nabble.com/CEE-Defcon-Meetup-Notes---08-Aug-2008-to19075040
.html.

(2) The CEE Team held a teleconference meeting of the CEE Community on
August 29, 2008. Discussion topics included a report on recent CEE
meetings and activities, a working group charter, and preliminary
roadmaps. Meeting minutes will be posted in the Discussion Archives
once they are available.

Announcements of upcoming CEE Community meetings will be noted in this
newsletter, on the CEE News page on the CEE Web site at
http://cee.mitre.org/news.html, and on the CEE email discussion lists.



LINKS:

CEE Working Group page - http://cee.mitre.org/workinggroup.html

Working Group meeting minutes -
http://www.nabble.com/CEE-Defcon-Meetup-Notes---08-Aug-2008-to19075040
.html

CEE Community Discussion List sign-up page -
http://cee.mitre.org/discussiongroup.html


-------------------------------------------------------------
ALSO IN THIS ISSUE:


* CEE Participates in 'Making Security Measurable' Booth at "Black Hat
Briefings 2008" on August 6-7


Read these stories and more news at http://cee.mitre.org/news


---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing

Managing Editor: William J. Heinbockel. Writer: Bob Roberge. The MITRE
Corporation (www.mitre.org) maintains CEE and provides impartial
technical guidance to the CEE Board and Working Group on all matters
related to ongoing development of CEE.

To unsubscribe from the CEE-Announce e-newsletter, open a new email
message and copy the following text to the BODY of the message
"SIGNOFF CEE-Announce-list", then send the message to:
[hidden email]. To subscribe, send an email message to
[hidden email] with the following text in the BODY of the
message: "SUBSCRIBE CEE-Announce-List".

Copyright 2008, The MITRE Corporation. CEE and the CEE logo are
registered trademarks of The MITRE Corporation.

For more information about CEE, visit the CEE Web site at
http://cee.mitre.org or send an email to [hidden email]. Learn more
about Making Security Measurable at
http://measurablesecurity.mitre.org.