On 07/27/2015 10:37 AM, Blibbet wrote:
...
> I'd like to use this sort of information as machine-readable SCAP XML,
> so CHIPSEC output can be fed into current enterprise CM/SIEM solutions.
> Then, the question of what format is more of needing SCAP OVAL
> definitions for Intel HW/FW assets, and then SCAP ARF-based report
> plugin for CHIPSEC.
>
> SCAP isn't needed for security researcher usage of CHIPSEC. BUT IMO,
> SCAP would be very useful for system administrator's use of CHIPSEC, but
> I'm not sure anyone is asking yet.

Ah, they *ARE* asking:

http://security.stackexchange.com/questions/46941/can-a-vulnerability-management-tool-highlight-bios-and-driver-level-vulnerabilit