For quite a long time there wasn’t any unified standard in the world that would allow information security experts to formally describe information systems vulnerabilities, configuration errors and missing security updates. OVAL, an open language for description and assessment of vulnerabilities, has become a very simple and universal method of IS content sharing.
Open Vulnerability and Assessment Language (OVAL) is a specialized language based on XML intended for automated assessment of security systems, which provides means for description of a system under research, for analysis of its state and reporting on the check results.
The OVAL language is supported by a not-for-profit corporation named MITRE, which has already included Positive Technologies OVAL Repository into the official list of products supporting OVAL and entitled Positive Technologies an Official OVAL Adopter. Positive Research experts are going to implement OVAL in MaxPatrol Vulnerability and Compliance Management System.
oval.ptsecurity.com, a vulnerabilities repository, will allow information security specialists to take advantage of experience and knowledge of the Positive Research Center experts, and developers from different countries will be able to use this repository content for software production.
It is obvious that use of open standards helps to make IS industry more transparent and effective. Cooperation of industry participants and software manufacturers (Microsoft, Red Hat, Novell, Cisco and etc.) in development of security content with the help of OVAL will allow providing end users with a more qualitative product.