## Background - Pre-requisites - Regex pattern fuzzing (see below) - Regex parser comes first - Then fuzzer later - First steps - Basic tree-walker algorithm of schemas (Metaschema modules) - Second steps - Metaschema and "Metaschema's schema" - Building a fuzzer that fuzzes the Metaschema schema - Find a way to encode model representations - Perhaps bias different structures over others - Equivalence classes - Any field or flag with a string type with no additional string is just a generic string, can test it as such ## Goals - Start simple, scale up - Black-box first, white box earlier/later if we can ## Level of Effort - The hard: pre-requisite or separate - Verdict: keep it separate - Fuzzing the data type patterns of different fields and flags - The hard parts - Black-box approach - Scenario definition for the different scenarios - The harder parts - "Whitebox approach" -> see the implementation and look at it - Actually reversing the implementation
Last changed by  
Alexander Stein
52

Read more

oscal-cli 1.0.3 Release Brief

oscal-cli 1.0.2 is a patch release with improvements and changes that are backwards compatible, specifically updating liboscal-java and metaschema-framework dependencies to make use of the OSCAL v1.1.1 models and the underlying use of the Metaschema Framework.

2/2/2024
liboscal-java 3.0.3 Release Brief

oscal-cli 1.0.3 is a patch release with improvements and changes that are backwards compatible, specifically updating liboscal-java and metaschema-framework dependencies to make use of the OSCAL v1.1.2 models and the underlying use of the Metaschema Framework. This release also fixes a bug to properly reference embeeded resource files in the release.

2/1/2024
Demo Video script for metaschema-cli

Download from Maven

1/22/2024
Value stream issue management for usnistgov/OSCAL#1688

We propose in this draft document with a non-exhaustive list of value streams. A value stream is a thematic collection of work items, varying in scope of work by quantity or quality (large epics to small issues), but still relate to the same theme in that work. There are different kinds of work items, with some nested like epics with user stories within them. It is counter-intuitive to talk an epic nested with epics, so we will label each one as a value stream. For organizational purposes, we organize the value streams grouped by high-level use cases in OSCAL. This grouping may be beneifical to link the resulting value of work completed in a value stream to a downstream developer making OSCAL-enabled tooling.

1/5/2024
Read more from Alexander Stein
Published on HackMD