CERIAS announces the beta launch of a new service for managing vulnerabilities and patches. Elisa (Enterprise-Level Information Security and Assurance) is free and is starting beta testing at:
https://cirdb.cerias.purdue.edu/elisa_beta
Elisa is the adaptation of the Cassandra service to support NIST’s recommendation on managing patches and vulnerabilities (800-40, available at http://csrc.nist.gov/publications/nistpubs/800-40/sp800-40.pdf). Patch and Vulnerability Groups may create domains of confidentiality with standard
profiles, and make those accessible to selected system administrators (SA). SAs can create child profiles that inherit the applications in the PVG profiles, or create new independent ones. PVGs can validate and suggest patches, and SAs can then report the application of patches, so that the
patching state of the enterprise can be monitored and controlled systematically. System administrators can also be independent, creating a functionality identical to Cassandra’s. However, Elisa doesn’t yet support Secunia advisories, like Cassandra now does, but will before its final launch in August.