|
OASIS CSAF Webinar: One of three critical steps to advance the vulnerability management ecosystem
Jane Harnad
Our CSAF Technical Committee will hold a webinar next week reviewing the standard and explaining its potential impact on vulnerability management. The webinar is free and open to all. See the link below for sign up details. Using CSAF to Respond to Supply Chain Vulnerabilities at Large Scale Thursday, 1 December 11:00 AM EST Sign up details are here. Come learn why the U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently listed the widespread adoption of CSAF as one of “three critical steps to advance the vulnerability management ecosystem.” We hope to see you there. Regards, Jane --
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
EXTENDED: Call for Submissions deadline
Jane Harnad
Dear OCA Members, In case you didn't hear -- the presentation submission deadline for RSA 2023 has been extended -- it is now October 13th. Please let us know....
Feel free to reach out with any questions. Thanks, Jane ---------- Forwarded message --------- From: RSA Conference <info@e.rsaconference.com> Date: Tue, Oct 4, 2022 at 9:08 AM Subject: EXTENDED: Call for Submissions deadline To: <jane.harnad@...>
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: OCA Scenario Diagrams
Jane Harnad
On Wed, Sep 7, 2022 at 10:13 AM Jane Harnad <jharnad@...> wrote:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OCA Scenario Diagrams
Jane Harnad
Hi Everyone, As mentioned on our last marketing call -- Black Hat was a great success for us. OASIS had a terrific space in a high traffic zone throughout the two days. The Kestrel demonstration was also well received in the Arsenal Area (on the show floor). Thank you to everyone on the Kestrel Team that helped with that initiative. A marketing idea came out of the event. We designed a Threat Scenario Diagram rollup banner for our Black Hat booth that received quite a lot of attention. The diagram included some OCA projects -- along with other OASIS cybersecurity standards. Attached is a copy. (Credit to Duncan Sparrell for the original version of the diagram.) We'd like to see one or two similar diagrams specifically designed for our OCA Open Project. Here's where our OCA Marketing Group comes into the picture. We'd like the group to start discussing ideas, so we plan to initiate a dialogue during our next OCA Marketing Meeting on 15 September -- at 2:00 PM EDT. If you're not currently involved in the marketing group, please let me know and we'll get you signed up. Thanks so much, Jane
.jpg)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: Free pass to attend Black Hat available to OCA community
Charles P
Hello Jane,
I wanted to inquire if there were any passes still available.
Thank you,
Charles Payne 321-236-2561
From:
oca@... <oca@...> on behalf of Jane Harnad <jharnad@...> Attention OCA Members!
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Free pass to attend Black Hat available to OCA community
Jane Harnad
Attention OCA Members! OASIS has a free registration pass for the upcoming Black Hat Conference. If you're interested in attending, but don't have company financial support -- please contact me directly. We'll allocate the free pass on a first-come, first-serve basis.
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Modifications to the Open Project Rules approved by the OASIS Board of Directors
Chet Ensign
Open Project PGB members and OASIS members, At its meeting on June 14, 2022, the OASIS Board of Directors approved updates to the OASIS Open Project Process as well as minor changes to the Committee Operations Process and the Open Repository Guidelines and Procedures. Staff recommended these changes to address issues raised by several projects as well as our own lessons learned. The proposals go into effect immediately. The specific changes can be seen in the attached red-line copies of these documents. We do not anticipate these to have a significant impact on your ongoing project work. Briefly: 1. The first (and most important) change can be found in the OP Rules at lines 121 to 137 as a proposed new section 5.7. This change would allow OP PGBs to elect to apply the same quorum, non-voting, and persistent non-voting rules that TCs enjoy to their OP operations. Several PGBs have struggled to achieve regular quorum and make progress. By adopting a Standing Rule, OPs will now be able to gracefully scale down voting and quorum to those who show up and vote regularly. As with TCs, this would not change any other commitments or privileges of Sponsorship. 2. The second change is about Technical Steering Committees (TSC), and can be found in the attached marked OP Rules at lines 70 to 78 and 142 to 152. These changes simply clarify that a project can have multiple TSCs and how TSCs are represented on the PGB. 3. At lines to 242 to 245 (Section 10), we attempt to emphasize that, generally speaking, we don't expect Open Projects to adhere to a lot of rigid formalities; they're entitled to run as a consensus process, without a lot of formal motions, seconding and Roberts Rules behaviors. Related changes on the same topic also are in the OASIS Committee Operations Process at lines 74 to 76 and 162 to 166. 4. In the Open Repository rules, which allow TCs to launch open source projects on the side, we changed the language from a list of applicable open source licenses that would require maintaining to a statement that it is the same as for the Open Project Rules. Lines 53 to 58. 5. Two other minor patches to the OASIS Committee Operations Process were approved, in addition to the "consensus" issue noted above. The first is at lines 136 to 145, where the role and requirements for "standing rules" is slightly clarified. The second is to the informative table of project roles and functions after line 56. These were made to better explain what each role in an Open Project may do. 6. Finally, as general clean-up, small, non-substantive editorial corrections were made at lines 21, 80, 84, 87, and 205 of the OP Rules, and lines 82, 83 and 99 of the OASIS Committee Operations Process. Again, we do not expect these to have major impacts on your work but, as always, feel free to contact us with any questions. Best regards, /chet Additional information - Open Project Rules - https://www.oasis-open.org/policies-guidelines/open-projects-process/ - Committee Operations Process - https://www.oasis-open.org/policies-guidelines/oasis-committee-operations-process/ - Open Repository Guidelines and Procedures - https://www.oasis-open.org/policies-guidelines/open-repositories/
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
re-attack: Request to our OCA endpoint security vendors
OCA Team,
It has been two months since I sent out the below e-mail soliciting support from our end point security members to help with the ontology project. Unfortunately, the response has not been sufficient for us to be able to make progress on our efforts to ontologically model our use case. To reiterate, we are looking for some sample data representative of what we would observe in our systems in the case of a spear phishing attack and resultant malware infection. The sample data/files need to be accompanied by a “decoder ring” of some sorts so that we can understand what the elements in the file represent and then be able to map those to the ontological framework. See below for more details.
We CANNOT proceed without your help.
Ian Featherstone has set up a meeting for the Ontology project on Monday afternoon. We will try to work with whatever we have at that meeting so feel free to bring sample data or questions.
Thank you, Forrest
Forrest B. Hare, PhD Founder Summit Knowledge Solutions, LLC, SDVOSB 571-419-0084 The information contained in this e-mail and any attachments from Summit Knowledge Solutions ("SKS") may contain sensitive and/or proprietary information, and is intended only for the named recipient to whom it was originally addressed. If you are not the intended recipient, any disclosure, distribution, or copying of this e-mail or its attachments is strictly prohibited. If you have received this e-mail in error, please notify the sender immediately by return e-mail and permanently delete the e-mail and any attachments.
From: Hare, Forrest B. <Forrest.B.Hare@...>
Sent: Friday, April 8, 2022 3:06 PM To: 'oca-pgb@...' <oca-pgb@...> Cc: Featherstone, Ian <Ian.Featherstone@...>; Hare, Forrest B. <Forrest.B.Hare@...> Subject: Request to our endpoint security vendors
OCA Team,
We are at a bit of a sticking point in our ontology use case development for the OCA ontology project. What we could really use right now are some sample files containing some sample data that would be appropriate according to the use case. These would most likely be something that our end-point security vendors are working with so we are asking for your help specifically. As a reminder, the full use case is located here:
For the ontology use case however, we are ONLY focusing on the infection and detection stages in the overall use case. Very specifically, we are modeling the portion from the scenario pasted below at the bottom of this e-mail.
With that in mind, we are in need of some representative files that would contain the data that would be passed around in the system as described below. For example, we would appreciate some sample data that would exemplify the signatures, etc., that would be discovered in the scan.
Please DO NOT respond to the distro list if you have questions on the scenario. Please respond directly to me and Ian.
Thank you, Forrest
Scenario details----
Of note – but very much going on in the background - as Bob turns on his computer, Bob’s endpoint protection software starts up and checks for any new updates from the software manufacturer. A small set of signatures have been published overnight. Unknown to Bob, the signatures are installed in the background, ensuring that Bob’s computer is protected from the latest known malware attacks. The software also checks in with Bob’s corporate network asking a similar question, “Are there any new blocks we need to know about?” the software asks the corporate library of rules. No new rules are downloaded as no filters, blocks, proxy rules or firewall rules have been created in the last 16 hours. Our story continues with Bob - He is eager to follow up on a project so he does not notice that the “from” name is "Alice", but it is not displaying as it typically would. He clicks anyways, as he is looking forward to the next step in a project. Bob opens the e-mail to see “I found this link that I think will help us with our project, talk soon” – followed by a URL. Of course Bob clicks the link, and this is what we call a phishing – or in the case of a specific user, a focused “spear phishing” attack. The web site Bob accesses contains a zero-day cyber vulnerability. Bob did not catch it, his e-mail system’s filter did not, and now Bob’s endpoint software has to take over. The link that Bob clicked opened up a few interesting tidbits, but it did not seem very apropos to Bob and Alice’s project. He ignored the rest of the site, realizing – too late – that this sounded like one of those examples from his security awareness training. “I probably should not have clicked that,” Bob thought. He looked again at the tempting e-mail and saw that while it had Alice’s first name, it did not include a last name. And he hovered his mouse over the URL and realized, “...not a good site... uhoh.” Bob hasn’t seen anything else strange, he only clicked a link and realized quickly that it was off topic – he closed the screen so fast, at this point Bob’s fears dwell and he goes about his coffee – and his day. In the background, however, the damage was done in a split second. Bob’s computer saw Bob click a link · he initiated it, and Bob’s computer’s policies allow him to install software. The software installed itself and after setting a timer to “go off” in 4 hours, the bad program went dormant. Malware was installed immediately as Bob clicked the URL – it all happened as the web page loaded. Bob’s endpoint protection software scanned the new program that was downloaded in the background · the software scans all files coming and going on Bob’s computer. When the new program starts to run, the virus software compares the digital signature, the certificate used to sign it, and the name, size and date on the program to its database of known malware attacks. The new program does not match the database. The endpoint software flags it as a new, unsafe program. Many people in Bob’s company are business and mission focused – they are not savvy IT people. Because alerts have created a lot of extra calls and support costs, this security event – unknown software – does not pop up on Bob’s computer. Instead the endpoint software sends an alert to the corporate logging tools.
Forrest B. Hare, PhD, CISSP SAIC Fellow Solution Developer | Cyberspace Operations SAIC®
The information contained in this e-mail and any attachments from Science Applications International Corporation ("SAIC") may contain confidential and/or proprietary information, and is intended only for the named recipient to whom it was originally addressed. If you are not the intended recipient, any disclosure, distribution, or copying of this e-mail or its attachments is strictly prohibited. If you have received this e-mail in error, please notify the sender immediately by return e-mail and permanently delete the e-mail and any attachments.
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OCA joins Nonprofit Cyber Coalition
Dee Schur <dee.schur@...>
OCA community,
We are delighted to announce that the OCA has officially become part of the Nonprofit Cyber Coalition, https://nonprofitcyber.org/nine-new-members-join-nonprofit-cyber-coalition/. The mission of the OCA is nicely aligned with that of the Nonprofit Cyber, https://nonprofitcyber.org/about/. We will be engaging the OCA community as we organize opportunities to collaborate with these other organizations.
If you are an OCA Sponsor, please take advantage of this announcement and promote via your social channels reinforcing your organization’s commitment to open partnerships that benefit your customers.
Regards, Dee
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OCA community event update -- RSA 2022 and more
Jane Harnad
Hi Everyone, Missed today's OCA marketing meeting? Below is a quick event recap. Please mark your calendars for the next meeting -- Thursday, 9 May at 2:00 PM EST. We have a lot to finalize before RSA 2022. Feel free to reach out with questions. Thanks so much, Jane Upcoming events: International Conference on the EU Cybersecurity Act OCA on the Agenda | Wednesday, 25 May OASIS member discount: 20% off the registration pass, use the code 22OASIS20. Cybersecurity Automation Workshop PACE, STIX Shifter, and Kestrel Participating | 2 June Register to participate or simply observe. RSA 2022 OCA Breakfast BoF | 8 June Contact Jane Harnad if your company has a booth and you'd like to host an OCA presentation on the RSA showfloor. The FIRST Annual Conference Possible OCA Booth Option | 26 June Contact Jane Harnad if you plan to attend and would be willing to support an OCA booth during the event. In case you missed a recent event... NIEM & OASIS Community Update View video to learn about possible cross-pollination opportunities for OCA. Kestrel @ SC Media: Automating the Hunt for Advance Threats Summit View presentation here.
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Event: OCA Webinar 'Can ‘best of breed’ security tools be orchestrated?' - Wednesday, March 16, 2022
#cal-invite
oca@lists.oasis-open-projects.org Calendar <noreply@...>
OCA Webinar 'Can ‘best of breed’ security tools be orchestrated?' When: Where: Organizer: Dee Schur dee.schur@... 9413216733 Description:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OSLC Quality Management Version 2.1 OASIS Standard published
Chet Ensign
OASIS Members, OASIS is pleased to announce the publication of its newest OASIS Standard, approved by the members on 19 January 2022: OSLC Quality Management Version 2.1 OASIS Standard 19 January 2022 The OSLC (Open Services for Lifecycle Collaboration) initiative applies Linked Data principles, such as those defined in the W3C Linked Data Platform (LDP), to create a cohesive set of specifications that can enable products, services, and other distributed network resources to interoperate successfully. Quality Management V2.1 defines the OSLC quality management domain, a RESTful web services interface for the management of product, service or software quality artifacts, activities, tasks and relationships between those and related resources such as requirements, defects, change requests or architectural resources. To support these scenarios, this specification defines a set of HTTP-based RESTful interfaces in terms of HTTP methods: GET, POST, PUT and DELETE, HTTP response codes, content type handling and resource formats. The project received 3 Statements of Use from IBM, KTH Royal Institute of Technology, and SodiusWillert. URIs: The OASIS Standard and all related files are available here: - Part 1: Specification HTML: https://docs.oasis-open-projects.org/oslc-op/qm/v2.1/os/quality-management-spec.html PDF: https://docs.oasis-open-projects.org/oslc-op/qm/v2.1/os/quality-management-spec.pdf - Part 2: Vocabulary HTML: https://docs.oasis-open-projects.org/oslc-op/qm/v2.1/os/quality-management-vocab.html PDF: https://docs.oasis-open-projects.org/oslc-op/qm/v2.1/os/quality-management-vocab.pdf - Part 3: Constraints HTMLP https://docs.oasis-open-projects.org/oslc-op/qm/v2.1/os/quality-management-shapes.html PDF: https://docs.oasis-open-projects.org/oslc-op/qm/v2.1/os/quality-management-shapes.pdf - Part 4: Machine Readable Vocabulary Terms https://docs.oasis-open-projects.org/oslc-op/qm/v2.1/os/quality-management-vocab.ttl - Part 5: Machine Readable Constraints https://docs.oasis-open-projects.org/oslc-op/qm/v2.1/os/quality-management-shapes.ttl Distribution ZIP file For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here: http://docs.oasis-open-projects.org/oslc-op/qm/v2.1/os/qm-v2.1-os.zip Our congratulations to the members of the OSLC Open Project on achieving this milestone.
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Newly released RSAC agenda + OASIS member discount enclosed
Jane Harnad
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
It is time for that bi-annual tsunami we call Daylight Savings Time
Chet Ensign
Heads up for any of you scheduling projects with cross-ocean participants, it is that time of year. North America goes to Daylight savings time on Sunday, March 13th. Europe and much of the rest of the world will make the switch on March 27th. Much of Asia doesn't bother. Note also that the Middle East shifts on different days. Israel, for example, changes on Friday the 25th while Palestine shifts on Saturday the 26th. You can see a complete list at https://www.timeanddate.com/time/dst/events.html So, to avoid confusion, have everybody double-check their calendars. Or take a two week break and let the dust settle that way. Best, /chet
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
The ballot to consider CC-BY-4.0 as a valid license for OCA repositories has passed
Chet Ensign
The ballot to consider the CC-BY-4.0 license (https://creativecommons.org/licenses/by/4.0/legalcode) for use in future OCA repositories has passed. The vote required a Special Majority. This meant at least 2/3 of the eligible voters had to vote “yes” and no more than 3 (1/4 of the eligible voters) could vote “no”. Yes received 12 votes (11 cast by ballot and 1 cast by email due to a problem using the ballot) and No received 0 votes. Please contact us with any questions. Best regards, /chet
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Please join us on 16 March, 12PM EDT for the next OCA webinar
Dee Schur <dee.schur@...>
OCA community, We invite you to register for the next OCA webinar, ‘Can ‘best of breed’ security tools be orchestrated?’ https://bit.ly/3heXbt0 . We are anticipating a quite lively exchange! Please distribute widely to your network. Include @OpenCyberAllnc in your tweets and Open Cybersecurity Alliance in your LinkedIn posts.
Apologies in advance for multiple emails to our OCA lists.
Best, dee
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
IoB WG Meeting tomorrow - mark your calendars
Dee Schur <dee.schur@...>
Hi folks, Please join us for the February Indicators of Behavior monthly meeting tomorrow, 8 February at 1PM ET, https://lists.oasis-open-projects.org/g/oca-iob-wg/calendar. This meeting is open to all interested parties.
Agenda topics:
Need to come up to speed before the next meeting? Have a look at the recorded meeting on YouTube, https://www.youtube.com/watch?v=vkXDu2wIv9I&list=PLGWoM62JSEugl4982u_whEwcTb_eBTOoH
As always, let me know if you have any questions. Regards, Dee
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Modifications to the Open Project Rules approved by the OASIS Board of Directors
Chet Ensign
Open Project PGB members and OASIS members, At its January 25, 2022 meeting, the OASIS Board of Directors approved updates to the rules governing OASIS Open Projects (https://www.oasis-open.org/policies-guidelines/open-projects-process/). Staff recommended these changes to address feedback we received from the community and our own lessons learned. The proposals go into effect immediately. Briefly: - Sect. 8.1 was revised to enable Project Governing Boards to adopt a standing rule delegating the power to approve and set up of new repositories to their Technical Steering Committee or to designated maintainers. In the case where a repository is being set up with an applicable license that has not been used by the project before, the PGB will be required to approve the repository. - In Sect 15.2, Creative Commons CC0 license was changed to an implementer-class license and Community Data License Agreement v2 was added to the set of other available licenses to accommodate repositories intended for collections of data. You can review the specific changes in the attached red-lined PDF file. Thank you for your ongoing work at OASIS. We appreciate all that you do. As always, feel free to contact us with any questions you have. /chet
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
And the winner is...OASIS Awards Ceremony, 19 Jan.
Jane Harnad
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Welcome VISUA, Prophecy International, and Tenzir to the Open Cybersecurity Alliance
Mary Beth Minto
OASIS is pleased to announce three new sponsors of the Open Cybersecurity Alliance Open Project: VISUA, Prophecy International, and Tenzir! VISUA boasts best-in-class Visual-AI that powers the world’s leading brand protection, authentication and monitoring platforms. Its Visual-AI technology is proven to deliver the highest precision with instant learning, at unlimited scale, and is adaptable for any use case. VISUA delivers best-in-class Visual-AI for brand protection, authentication, and monitoring. Prophecy International is known internationally for innovative software. Prophecy designs & develops software, and brings it to the world through their global business partner channel in each of their territories – in America, Europe, Middle East, Africa and Asia/Pacific. They have a number of brands, including Snare, eMite, and their legacy brands basis2, Promadis and ProphecyOpen. Tenzir's mission is to significantly speed up the investigation process after cyber attacks by means of automated analyses. In an IT-world of understaffing, talent shortage, and alert overload, it is a daunting task to keep a large infrastructure secure. Tenzir brings together longstanding expertise in security, software engineering, and data science to develop a solution that extracts meaningful signals from the noise and translates them into actionable insight.
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
