JVNRSS: CVE+ project (CVE+)

[ main >> CVE+ ]

[ Japanese | English ]

JVNRSS
Home
+main
JVNRSS Activity
+CVE+
+CVSS
+RSS_dir
+SIG_rdf
+TRnotes
+XSL_swf
Specification
+JVNJS
+JVNRSS
+RSS mod_sec
+VULDEF
Tool
+toolbox
Document
+docbox

Related Site
IPA/ISEC JPCERT/CC in Japanese JVN JVN FS Site JVN iPedia

Table of Contents

Overview
Data format
Viewer
Mapping DB data source
Archives DB data source

CVE+

CVE is a list of standardized names for vulnerabilities and other information security exposures. Currently CVE mostly doesn't include security information published by Japanese vendors, because Japanese vendors don't post security information in a CVE-compatible format.
CVE+ is to make a relationship map between CVE and Japanese security information. The grouping module extracts the Relational ID of JVNRSS feed <item> and finds the CVE entry with the same Relational ID. Some modules in Figure have been implemented as a Proof of Concept prototype. Also the convert module produces a TouchGraph XML format and RSS Extension (mod_sec) format to describe the relationship map.

>>>> Viewer	>>>> Data format

>>>> Mapping DB data source	>>>> Archives DB data source

Our gathering and grouping approach using the JVNRSS format has three steps.
Gathering of the security information
The gathering module periodically checks changes in JVNRSS feeds on other Web sites and extracts the JVNRSS items upon change.
Grouping of the security information
The grouping module extracts the Relational ID from the JVNRSS feed <item>. This module checks other JVNRSS feed items using Relational ID as the search key. When the module finds <item> with the same Relational ID, it makes these <item> into a group. When this module does not find any item with the same Relational ID, it will try to find a matching Relational ID using the Mapping DB. The upper group in the mapping DB shows the vulnerability information related to the TCP stack and the lower group shows the incident information about the MS-Blaster worm. The items on the right, which refer to the same vulnerability or incident, belong to the same group. In case the feed <item> have a different Relational ID yet refer to the same vulnerability, the mapping DB traces the relationship between those Relational IDs.
Convert XML to HTML
The Convert module transforms XML documents into a HTML form to present security information.

Relational ID and Mapping DB.

JVNRSS + <sec:item>

JVNRSS is based on RDF Site Summary (RSS) 1.0 [2] and use the field <dc:relation> of Dubline Core [3] as index of grouping security information (See. JVNRSS spec).
<sec:item> is extended JVNRSS format which nests item of RSS 1.0/2.0 (See. mod_sec spec).

The format of item part of Extended JVNRSS.

[1] TouchGraph Link Browser, http://touchgraph.sourceforge.net/index.html#TGLB
[2] RDF Site Summary 1.0 Modules , http://web.resource.org/rss/1.0/modules/
[3] RDF Site Summary 1.0 Modules: Dublin Core , http://purl.org/rss/1.0/modules/dc/

Viewer

TouchGraph Link Browser

input file format: TouchGraph XML format
output: TouchGraph Link Browser (Java Applet)

TouchGraph Link Browser

TouchGraph Link Browser

Input "CVE ID": ex. CVE-2004-0230 etc.

input file format: TouchGraph XML format
output: MAP Viewer (SWF)

MAP Viewer

MAP Viewer

Input "CVE ID": ex. CVE-2004-0230 etc.

input file format: JVNRSS + <sec:item> format (See. JVNRSS spec, mod_sec)
output: LIST Viewer (SWF)

LIST Viewer

LIST Viewer

Input "CVE ID": ex. CVE-2004-0230 etc.

Mapping DB data source

CVE

http://cve.mitre.org/cve/downloads/

NVD

http://nvd.nist.gov/download.cfm

Archives DB data source

in Japanese (lang=ja)

in English (lang=en)

http://www.hitachi.com/hirt/security/index.rdf

Published.: 2006-04-23T02:50:00-00:00

Last updated: 2006-04-23T02:50:00-00:00