US-CERT and OVAL
OVAL is sponsored by National Cyber Security Division (NCSD) at the U.S.
Department of Homeland Security. OVAL provides its vulnerability content
to US CERT and US-CERT uses this information and the CVE names upon which
OVAL definitions are based to incorporate into its security advisories
when possible.
What Is OVAL?
Open Vulnerability Assessment Language (OVAL™) is the common language
for security experts to discuss and agree upon technical details about
how to check for the presence of vulnerabilities on computer systems.
The vulnerabilities are identified using gold-standard tests—OVAL
vulnerability definitions in Extensible Markup Language (XML) and queries
in Structured Query Language (SQL)—that can be utilized by end users
or implemented in scanning tools.
Members of the information security community participate in the OVAL
project by writing, reviewing, and discussing definitions on the OVAL
Community Forum email list. This means OVAL vulnerability content
reflects the insights and combined expertise of the broadest possible
collection of security and system administration professionals.
An OVAL Board
of representatives from industry, academia, and government organizations
approves OVAL's baseline schema and evaluates and reviews definitions.
Platforms Supported
OVAL supports Windows, UNIX, and Linux. Numerous definitions are available
for each platform as well as Definition
Interpreters that can test a system for vulnerabilities. Definitions
and downloads are updated regularly. |