oval.mitre.orgOVAL - Open Vulnerability and Assessment Language

 PRODUCTS INCLUDING OVAL NEWS — July 9, 2015 SEARCH Open Vulnerability and Assessment Language A Community-Developed Language for Determining Vulnerability and Configuration Issues on Computer Systems OVAL has transitioned to the Center for Internet Security (CIS) . The MITRE OVAL website is in "Archive" status. About OVAL Documents FAQs OVAL in Use Products Interoperability Adoption Program Process Make a Declaration -- OVAL Community OVAL Board Forums Sign-Up Forum Archives Sponsor GitHub Repositories Free Newsletter Developer Days -- OVAL Repository Submit Content Search OVAL Language Releases Use Cases OVAL Interpreter News & Events Calendar RSS Feeds -- Site Map OVAL® International in scope and free for public use, OVAL is an information security community effort to standardize how to assess and report upon the machine state of computer systems. OVAL includes a language to encode system details, and an assortment of content repositories held throughout the community. Tools and services that use OVAL for the three steps of system assessment — representing system information, expressing specific machine states, and reporting the results of an assessment — provide enterprises with accurate, consistent, and actionable information so they may improve their security. Use of OVAL also provides for reliable and reproducible information assurance metrics and enables interoperability and automation among security tools and services. OVAL in the Enterprise Vulnerability Assessment Configuration Management Patch Management Policy Compliance Community Repositories of OVAL Content Vulnerability Databases and Advisories Benchmark Writing Security Content Automation Related Efforts Vulnerabilities (CVE) Malware (MAEC) Checklist Language (XCCDF) Security Content Automation (SCAP) Making Security Measurable Focus On OVAL Repository Statistics The OVAL Repository contains all community-developed OVAL Vulnerability, Compliance, Inventory, and Patch Definitions for supported operating systems. Available statistics include the following: Main Landing Page Infographic – provides the grand total of OVAL Definitions contained in the Repository to-date, as well as a breakdown of definitions by top-level platform family. Statistics page – provides "General Statistics" by platform family and by individual platform versions; "Top Contributors" of individuals submitting new definitions or modified existing definitions; and "Top Organizations" of organizations contributing new definitions or modified existing definitions. Latest Updates – provides the latest updates to the Repository, including new OVAL Definitions, definitions that have changed status (e.g., from Draft to Interim or Interim to Accepted), and definitions that have been modified. This data is also searchable from 1-120 days. Visit the Submit Content page. -- Developer Days 2013 - Quick Links Quick links for MITRE’s Developer Days 2013 , being held July 22-24, 2013 at MITRE in McLean, Virginia, USA: Event Agenda https://oval.mitre.org/community/docs/Developer_Days_2013_Agenda.pdf OVAL Session Read-Ahead Materials - https://oval.mitre.org/community/docs/Developer_Days_2013_OVAL_Read-Ahead_Material.pdf Other Event Details - https://register.mitre.org/devdays/ -- MITRE Corporation will host Developer Days 2013 on July 22-24, 2013, at MITRE in McLean, Virginia, USA. This three-day event is technical in nature and focuses on the Open Vulnerability and Assessment Language (OVAL®) effort, remediation, and other security automation topics. The purpose of the event is for the community to discuss OVAL and other security automation efforts and specifications in technical detail and to derive solutions that benefit all concerned parties. View the event agenda . For registration, lodging, and other conference details, please visit: https://register.mitre.org/devdays/ . -- How to Participate in the OVAL Adoption Program An organization can participate in the OVAL Adoption Program if its security products/services use OVAL in one or more of the following ways: Produce an OVAL System Characteristics file based on the details of a system Host OVAL content in a repository Author OVAL content Evaluate OVAL content and present the results in the OVAL results format Consume OVAL results and display them or use them to perform an action If your organization uses or is planning to use OVAL, review the OVAL Adoption Program Process for instructions on how to participate and/or contact oval@mitre.org to learn more. -- Join the OVAL Community! System administrators, software vendors, security analysts, developers, and other members of the information security community are invited to participate in the OVAL effort by joining our email news and discussion lists: OVAL-Announce — General news about OVAL. OVAL Developer’s Forum — Lightly moderated public forum for discussing the OVAL Language, and its implementation and inclusion in tools and services. OVAL Repository Forum — Lightly moderated public forum for discussing new and previously posted OVAL Repository content, as well the issues that affect the writing of OVAL Definitions. View our Privacy Policy . Play in the OVAL Language Sandbox! We invite members of the OVAL Community to visit the OVAL Language Sandbox on GitHub.com to propose and develop new and experimental capabilities for the OVAL Language in a new and collaborative environment. By fully investigating and implementing new capabilities first in the Sandbox before they are included in an official release of OVAL Language, we can ensure that only mature and implementable constructs are added to the OVAL Language even as the effort continuously evolves and stays current with new and emerging technologies. Join us in the OVAL Language Sandbox now at https://github.com/OVALProject/Sandbox . OVAL Version 5.10.1 Version 5.10.1 of OVAL is now available. Release highlights include adding the missing extended_name entity to the linux-def:rpmverifypackage_state; fixing the minOccurs attribute on the entities in the linux-def:rpmverifypackage_object and linux-def:rpmverifyfile_object so that they are required; and updating the schema_version entity, in the oval:GeneratorType, so that it aligns with the new three-component version identifier in the OVAL Language Versioning Policy . A complete list of changes for Version 5.10.1 is available on the Version 5.10.1 page. Visit the OVAL Language section for additional information on this and upcoming versions. OVAL Version 5.10 — Release Candidate Version 5.10 of the OVAL Language is currently in the Release Candidate stage and is scheduled to be moved to the Official stage on September 14, 2011. Version 5.10 is a minor version change and will not invalidate existing content that currently validates against Version 5.9 , the current official version of OVAL. A complete list of changes for Version 5.10 is available on the Upcoming Minor Version page. -- OVAL Author’s Resources The OVAL Author’s Resources page gathers documents and tools for authoring content in the OVAL Language into a single location. Included are prerequisites, instructional documents, useful tools, and how to obtain further assistance. Also included is a link to the Challenges of Writing OVAL Definitions white paper that describes the skill set required for authoring OVAL Definitions, of which knowledge of the OVAL Language itself is only a small part. -- Focus On OVAL Adoption Requirements The Requirements and Recommendations for OVAL Adoption and Use , which describes supported and recommended ways of incorporating OVAL into information security products and services, is available for review or download in the OVAL Adoption Program section. For additional information, please also see the Adoption Process , Technical Use Cases , and Benefit of Adopting OVAL for Vendors . -- Focus On OVAL Community Forums Active parti...