| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f398fbb50811301921i698d7bccxa1d4caf84e03bf69@mail.gmail.com>
Date: Sun, 30 Nov 2008 22:21:06 -0500
From: vulcanius <vulcanius@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Project Chroma: A color code for the state
ofcyber security
By the way, I also noticed that the new site for your project has the
current threat level as yellow. Is it safe to assume that you've already got
your metric systems in place and running?
On Sun, Nov 30, 2008 at 9:41 PM, Mike C <mike.cartall@...il.com> wrote:
> Yes,
>
> The project Chroma leads know of various efforts. But these are either
> vendor specific, or old and unstandardized. Project Chroma aims to be
> very active, and will look to interact with security vendors to
> implement the color codes in security products.
>
> --
> MC
> Security Researcher
> Lead, Project Chroma
> http://sites.google.com/site/projectchromaproject/
>
>
> On Sun, Nov 30, 2008 at 6:28 PM, Tomas L. Byrnes <tomb@...neit.net> wrote:
> > The SANS Internet Storm Center has been doing this for ages.
> >
> > It has the advantage of being data driven, using the DShield reports as
> > a primary sensor mechanism.
> >
> > http://isc.sans.org/
> >
> >
> >
> >>-----Original Message-----
> >>From: full-disclosure-bounces@...ts.grok.org.uk
> > [mailto:full-disclosure-
> >>bounces@...ts.grok.org.uk] On Behalf Of Mike C
> >>Sent: Saturday, November 29, 2008 9:35 PM
> >>To: Full Disclosure
> >>Subject: [Full-disclosure] Project Chroma: A color code for the state
> >>ofcyber security
> >>
> >>Hi,
> >>
> >>It is time to take an example from Homeland Security and define codes
> >>of color for cyber-warfare threat levels. I propose the following:
> >>
> >>Green level: There is negligible threat to online security.
> >>Yellow level : There is a minimal level of threat, and this must be
> >>monitored and contained.
> >>Orange level: This level of threat indicates there are parties who are
> >>actively engaging in cyber-warfare. Caution is required when online.
> >>Red level: This level indicates a full blown cyber-war. It indicates
> >>very high probability of all communications being intercepted.
> >>
> >>While homeland security's implementation does not seem to have a real
> >>world merit, such a threat level would certainly be very useful in the
> >>online security realm. Please disseminate this announcement of the
> >>project Chroma levels for online security. The immediate mission of
> >>the project is to be picked up by the antivirus and security tools
> >>vendors, so as to add the color codes to their products and provide
> >>users with a tangible measure of their online security.
> >>
> >>Current status: Threat level Yellow.
> >>
> >>--
> >>MC
> >>Security Researcher
> >>Lead, Project Chroma.
> >>
> >>_______________________________________________
> >>Full-Disclosure - We believe in it.
> >>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>Hosted and sponsored by Secunia - http://secunia.com/
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists