Monday, May 17, 2004

Incident Handling (INCH) IETF Working Group

This weekend at BSDCan, Michael Richardson mentioned a security-oriented IETF working group I'd never heard of before. It's called Incident Handling, and its purpose is "to define a data format for exchanging security incident information used by a CSIRT." Also:

"The working group has created four documents. A data model named the Incident Object Description Exchange Format (IODEF), and an associated implementation in an XML DTD, is the format defined for exchanging incident data. The IODEF conforms to a set of requirements for a Format for INcident Report Exchange (FINE). Additionally, guidelines for implementors are provided."

Although the official working group site links to the project schedule and the documents they've written, working group chair Roman Danyliw's unofficial site is informative too. (Yes, that's the same Roman who developed ACID.) The INCH mailing list archive shows plenty of recent activity. This is a nice departure from the archive for the Intrusion Detection Exchange Format working group.

