Security Content Automation Protocol (SCAP) defines a set of standards to enable automated vulnerability management, measurement, and policy compliance evaluation. More information at: http://scap.nist.gov/
These are a suite of open standards that enumerate software flaws, security related configuration issues, and product names; measure systems to determine the presence of vulnerabilities; and provide mechanisms to rank the results of these measurements in order to evaluate the impact of the discovered security issues.
All the SCAP enumerations (CVE, CCE, CPE, CWE) are available for download. OVAL and XCCDF content is not available for non-subscribers. However, search covers the whole repository.
Login is there for subscribers only. Credentials will be provided once subscribed, which will allow you to download OVAL and XCCDF content apart from managing your preferences.
"Recently released OVAL definitions". You can certainly be more creative than that.
Search anything SCAP. Some sample search queries to give you ideas:
- biggest threats
- cves that matter
- today cve
- adobe cve
- windows cves
- patch definitions
- adobe oval and adobe cve
- adobe scap
- google chrome cpe
- all vulnerabilities from jan 2011
- list gnome products
- list all products
- microsoft bulletin content
- oval definition for cve-2011-1234
- inventory definition for adobe
- cve access complexity high
- cve availability impact complete
- cves whose cvss score more than 9.3
- Adobe CVEs whose CVSS is more than 8

Some of the queries that will/may not work:
- When is the next SCAP conference
- NISTIR-7799

If you are not satisfied with the search results for a query or if you would like to see a new feature, send an email to: info@secpod.com
We might update additional fields that are available in the CVE XML schema based on our research of the vulnerability. We might add some mapping info so that the CVE is more searchable.
We intend to submit any new CPE added into our repository or any corrections we make to NVD. There should not be any difference.
We intend to submit any new CCE added into our repository or any corrections we make to MITRE.
We intend to submit any new CWE added into our repository or any corrections we make to MITRE.
Please refer to Terms page.
Updates are done almost daily.
SCAP technical natural language :)
We have tried to make it possible to search everything through regular search. Only use Advance Search if you are not satisfied with the results. However, Advance Search is only available for subscribers.
There is a lot that we want to do, please stay connected.
We would like to understand the query that didn't yield the desired results. Please share it with us at info@secpod.com and we'll ensure that it is addressed.
Please submit your query to info@secpod.com.
So, you liked it. Thanks! Please do mention it at info@secpod.com and we'll certainly be encouraged.
Yes, a RESTful service at: https://www.scaprepo.com/SCAPRepoWebService
The interface documentation and a sample Java-based client are available here
As an unregistered user, you are allowed to search everything, but you are not allowed to download OVAL and XCCDF content, and personalization is not possible.
- 'and': This is treated as 2 different queries
- '+': This is treated as 'containing'
- "": Whatever is inside "" will be searched for the exact match after ignoring the case
We have tested with the latest versions of Microsoft Internet Explorer, Mozilla Firefox, Google Chrome and Apple Safari.
An SCAP Content Repository that lets you store, search and manage SCAP content (CVE, CPE, CCE, CWE, OVAL, XCCDF and OCIL). It can act as an organizational content server, hosting content relevant to your organization. It is also an essential component (Content Subsystem) in a Continuous Monitoring framework.
Just mail us at info@secpod.com
The SCAP Feed provides professional-quality SCAP content on a subscription model. SCAP Repo is a server that can host and manage the SCAP content, available for OEM integration as well as in a full-product version.
The Content Subsystem, or Content Repository, is a component of a Continuous Monitoring framework. It is a repository hosting digital policies, baselines, enumerations and standards. Please refer to NISTIR-7799.
Following are the use cases:
- Product vendor hosting and managing SCAP content
- Organizational content server, hosting and managing SCAP content relevant to specific environment
- Continuous Monitoring solutions needing a Content Subsystem

Following are the use cases:
- Information Security product vendors integrating SCAP Content
- Security consulting vendors integrating SCAP Content
- Enterprises hosting Information Security solution
More information can be found at: http://www.secpod.com/secpod-SCAPRepo.php
More information can be found at: http://www.secpod.com/scap-feed.html
If you are a subscriber, you will be entitled to technical support.
Just mail us at info@secpod.com.