From mboxrd@z Thu Jan 1 00:00:00 1970 Content-Type: multipart/mixed; boundary="===============7689025435811653302==" MIME-Version: 1.0 From: Blibbet Subject: Re: SCAP reporting support for CHIPSEC Date: Fri, 31 Jul 2015 09:07:30 -0700 Message-ID: <55BB9D42.6030608@gmail.com> In-Reply-To: <55B66C5F.6060809@gmail.com> List-Id: To: chipsec@lists.01.org --===============7689025435811653302== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable On 07/27/2015 10:37 AM, Blibbet wrote: ... > I'd like to use this sort of information as machine-readable SCAP XML, > so CHIPSEC output can be fed into current enterprise CM/SIEM solutions. > Then, the question of what format is more of needing SCAP OVAL > definitions for Intel HW/FW assets, and then SCAP ARF-based report > plugin for CHIPSEC. > > SCAP isn't needed for security researcher usage of CHIPSEC. BUT IMO, > SCAP would be very useful for system administrator's use of CHIPSEC, but > I'm not sure anyone is asking yet. Ah, they *ARE* asking: http://security.stackexchange.com/questions/46941/can-a-vulnerability-manag= ement-tool-highlight-bios-and-driver-level-vulnerabilit --===============7689025435811653302==--