PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
December 2004

Vulnerability testing with Open Vulnerability Assessment Language

Running multiple vulnerability assessment programs allows you to detect vulnerabilities that may have been missed, but it often results in conflicting reports. One tool says a given vulnerability is present, while another doesn't. The Open Vulnerability Assessment Language (OVAL) project, headed by nonprofit MITRE and funded by the Department of Homeland Security's U.S.-CERT, is being developed as a standardized process by which security tool creators, operating system vendors and security professionals test systems for exploitable vulnerabilities. XML-based OVAL leverages MITRE's Common Vulnerabilities and Exposures (CVE) initiative, a standardized registry of known vulnerabilities and security exposures. It gives security managers the ability to test for a particular CVE vulnerability in OVAL-compliant applications and platforms. OVAL will tell testers whether vulnerable software is installed and, if so, whether it has a vulnerable configuration. OVAL provides a schema that describes the platforms and presents a query ...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

Columns in this issue