[VOIPSA Best Practices] Welcome to the VOIPSA Best Practices project... and some weekend reading for you all (if you get this)

Dustin D. Trammell dtrammell at tippingpoint.com
Thu Dec 7 06:15:48 CST 2006 

On Mon, 2006-12-04 at 03:10 +0100, Raul Siles wrote:
> I specially like the idea of including a field in each best practice
> to the tool(s) it protects against. In order to accomplish that, I
> suggest to include a specific appendix to the final Best Practices
> document including all the tool references used along the paper. I'd
> also use a field-base tool entry (as for the best practices) for each
> tool in this appendix, such as: 
> - Tool name
> - Tool reference (unique, and used along the Best Practices paper).
> - Tool description
> - Cross-reference to Threat Taxonomy
> - Tool reference (URL)
> - Latest tool version & date

There is actually another project that was recently started by Shawn
Merdinger and I which is the tool list you speak of.  It's still being
finalized before publication but there has been discussion of
referencing the tools list from these other various project documents.
It's my opinion that in order to reduce management headache, the tools
themselves should only be referenced from one document and I believe the
Threat Taxonomy is the more appropriate document.  If the Best Practices
document references the threats from the Taxonomy, and the Taxonomy
references tools that can be used to perform attacks which match the
threat from the Tools List, I think that would be adequate and would not
require keeping tools references current in multiple documents.

> 5. Apart from other activities, I volunteer to keep the tool list I
> previously mentioned (if it's finally accepted and considered a
> project requirement).

You're more than welcome to help us maintain the tools list once it is
published on the VoIPSA website.  I believe you can email feedback to
tools at voipsa.org to reach the maintainers (currently Shawn and I) if you
have tool suggestions for inclusion in the list or other feedback.  If
you are subscribed to the VoIPSec list or follow the VoIPSA Blog, you
should see an announcement soon when we publish the list.  Please review
the list when it is published and send any comments to us via the
address mentioned above.

Thanks!

-- 
Dustin D. Trammell
VoIP Security Research
TippingPoint, a division of 3Com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
URL: <http://voipsa.org/pipermail/bestpractices_voipsa.org/attachments/20061207/6e3af33e/attachment.sig>

More information about the bestpractices mailing list