Open Vulnerability and Assessment Language

From eg

Jump to: navigation, search

Open Vulnerability and Assessment Language (OVAL) is "an international, information security community baseline standard for how to check for the presence of vulnerabilities and configuration issues on computer systems." - oval.mitre.org. It may provide core terms for other open configuration standards, but these are more likely to use execution control and key continuity management instead. The real web 3.0 may not rely on OVAL.

"OVAL standardizes the three main steps of the process with an OVAL System Characteristics Schema for collecting configuration data from systems for testing; OVAL Definitions to test for the presence of specific vulnerabilities, configuration issues, and/or patches; and an OVAL Results Schema for reporting the results from the evaluated systems."

"The tests are standardized, machine-readable XML Vulnerability Definitions, Compliance Definitions, and Patch Definitions. OVAL's schemas and definitions are all free to download, use, reference, and implement."

Retrieved from "http://let.sysops.be/wiki/Open_Vulnerability_and_Assessment_Language"
Personal tools