OVAL (Open Vulnerability and Assessment Language) http://oval.mitre.org/
OVAL Schema分为三部分
* OVAL Definition Schema
* OVAL System Characteristics Schema
* OVAL Results Schema
另外官方提供interpreter binary以及source code供参考
http://oval.mitre.org/language/download/interpreter/index.html
OVAL-Compatible的公司
http://oval.mitre.org/compatible/declarations.html
OVAL的版本兼容问题
大版本之间不互相兼容。minor version升级则不会造成invalidate的问题
Version 5.1 of the OVAL Schema will include the following:
* addition of a xinetd test to the UNIX component schema
* addition of a slackware pkg info test to the Linux component schema
Help shape the security process management system!
Our company is focused on fulfilling the mission of enabling businesses throughout the world to realize their full potential by manage the security processes. We develop the high scalable, high stable security online services, and are looking to hire passionate and dedicated people to work on significant future releases.
As the senior SDE, you will be responsible for the work on future versions of technology for Windows, Linux, and mobile devices. Help design and implement next-generation scan engine features, create an extensible service platform, and help define the user experience for the security process. You will provide technical direction, mentoring, and leadership to other team members through difficult processes or new approaches; identify and solve complex problems; help design, spec, schedule, and implement quality components and features; make implementation trade-offs; write tight code; debug existing code; work efficiently with other disciplines, and in a self-directed manner; and participate in the hiring process.
Qualification
At least one full software product life cycle (> 3-person project)
Strong C/C++ development and debugging skills with solid background in CS or related areas
Strong server experience including .NET, C#, SQL, and security
Good communication skills
Independent ability to quickly come up to speed on new technologies and unfamiliar code
Passion for the user experience and customer satisfaction
A BA/BS in Computer Science or related technical discipline is required
Pluses
High scalable and stable server experience with C#
Contact us
Dongsheng Plaza Office Tower B #906
No.8 ZhongGuanCun East
Haidian District
Beijing, P.R.China
E-mail: feuvan@gmail.com
这样的夜晚
我想起Singing in the Rain
不过我没看过那电影
或者Dance in the Rain
http://trac.lighttpd.net/trac/wiki/DevelopmentProceduresR1.5
TODOS
1.5.x is meant to
* fix internals which are blocking us from moving forward.
* do big changes that can’t be done on 1.4.x-stable branch.
* merge most if not all duplicated code, which helps a lot on code maintaining/improving
the list below is meant for discussion.
* combine mod_fastcgi, mod_cgi, mod_scgi and mod_proxy into mod_proxy_core and protocols around it. They all cut’n'pasted from mod_fastcgi anyway.
o the core provides
+ config handling
+ connect/retry on failure
+ fork/restart worker child on dead. (easier to improve native win32 support)
+ balancing
+ x-sendfile
o the protocol backends take care of
+ preparing the environment (most cgi env code can be shared)
+ encode/decode data
+ handle io
* introduce a new io-subsystem which allows filtering content incoming and outgoing data
o mod_uploadprogress can track the progress of an upload
o mod_deflate can compress content
o mod_multiplex can reroute content to other connections
o mod_layout can replace tags in the outgoing stream
o consider support for asynchronous file io (most likely emulated using threads rather than native aio calls)
* make the core aware of max-workers
o combines server-status
o synchroniced logfiles
o perhaps make it memcache/shm/mmap based for cluster-wide stats
* combine most of config handling into core, including:
o alloc/free plugin data
o init default values
o insert values from config (into plugin data)
o patch(pick) values from plugin data for connection. this is done by calling a function ptr, but we can kill the string comparisons, lower or higher performance?
* apply %n to other config option. (such as document root. user might get confused what do or doesn’t support %n, but it’s seems hard to apply all the options.)
* find a way to solve module order problem:
o sort the "user enabled module" by the builtin "ordered module list", but 3rd party module have no luck on this way.
o or add more "handling stages", and depends on "stage order" instead of "module order". this is a bit too complex.
o or … (and your solution here)
