Over the weekend, Lunarline rolled out several new features to SCAP Sync. In this post, I am going to point out three of my favorite new features: it is easier to use, it has a feed for monitoring updated SCAP content, and it has version history for SCAP Content.
By the way, if you are going to be at the ITSAC conference in Baltimore this week, please come say hello! We are speaking about SCAP Sync from 2:30 – 3:00 on Wednesday, October 3rd in Room 344. We also have a booth for the duration of the conference. Our booth is #19, which is along the left wall as you enter the exhibitors’ hall.
Easier To Use
One of our primary motivations for building SCAP Sync was to simplify and demystify SCAP for the average security practitioner. Therefore, we have tried to eliminate reliance on specialized SCAP terminology and use more general IT terminology throughout. For example, instead of using the terms CVE and CWE, we now use the terms Vulnerability and Weakness. This change is very obvious on our search screen, where the filters and results use this simplified terminology.
In addition to simplified terminology, we have also included new online help that describes how to use the search engine and provides some examples of useful types of activities that can be done with SCAP Sync.
You can click on the “Search” button next to any of the examples to actually run that search and see the results. We will continue to add and enhance the help documentation on SCAP Sync, because we view this as a critical step towards making SCAP easier to understand and use.
SCAP Content Update Feed
The next feature is really exciting – and nobody else is doing this!
One of the original motivations for creating SCAP Sync was to provide access to the freshest SCAP content. Therefore, SCAP Sync now includes a daily feed for new and updated SCAP Content. The daily feed lets you keep track of when changes are introduced to SCAP content. For example, you can stay current on new vulnerability disclosures released by NIST, new products added to the CPE dictionary, etc.
In addition to viewing this information on the web, you can also view this feed using an RSS client such as Google Reader.
We think this is a really cool new feature, and we are offering this service for free on SCAP Sync, starting today!
Although we released SCAP Sync to the public on August 3rd, our crawler had already been quietly running since July 12th. Each day, the crawler checked for updated content that was published by NIST or MITRE. Whenever the crawler discovered a modified piece of content, instead of overwriting the old version with the new version, the crawler actually kept both versions in its database.
When we first launched, we enabled users to view the most recent version of each piece of SCAP content, and we kept the older versions hidden away. Starting today, we are making all of those older versions available to view on SCAP Sync. If a piece of SCAP content has older versions available, that will be indicated near the top of the screen.
Clicking on this link will bring up the version history for this piece of content. The version history shows the date and time that our crawler noticed the change. You can click on any previous version to view it. (View an example.)
You can also compare two versions side by side. This side-by-side comparison feature is targeted at advanced users: if you are familiar with Wikipedia’s version history for articles or you are a programmer, then you will feel right at home with SCAP Sync’s version history. The side-by-side view compares the raw, XML format of SCAP content. This view makes it easy to highlight the differences between two versions. For example, we can see when NIST updates the vulnerability score for a vulnerability or adds additional references.
In addition to these 3 new features, we have also made numerous subtle tweaks in order to make SCAP Sync easy, fast, and elegant. Please try it out and let us know what you think by leaving a comment below!