April 23rd, 2014

OVAL

OVAL (Open Vulnerability and Assessment Language) is an XML language introduced by MITRE and sponsored by US-CERT and Homeland Security. At the most basic level, it provides schemas for representing the latest vulnerabilities posted on MITRE’s CVE. It goes one step further, however, by defining not only the vulnerabilities themselves but also a logical aggregation structure describing how to test for them. This opens up the possibility of designing a security assessment tool that takes advantage of the OVAL language and the continuously updated OVAL repository, which tells you both which new vulnerabilities are available and how to test for them. You can learn more about the language here, and look at the definitions provided by MITRE here. Although MITRE provides a proof-of-concept OVAL Interpreter on its site, there is a much more usable open source project called Sussen which can get you up to speed with OVAL.
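To make the "logical aggregation structure" concrete, here is an added example (not from this post, MITRE's interpreter, or Sussen) that parses a definition's `criteria` tree and combines per-test outcomes into a verdict. The definition, its ids and the CVE placeholder are constructed, and test outcomes are simplified to true/false with only the AND and OR operators handled.

```python
import xml.etree.ElementTree as ET

NS = {"d": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}

# Constructed sample definition (placeholder ids, not taken from the MITRE repository).
SAMPLE = """\
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
            id="oval:org.example:def:1" version="1" class="vulnerability">
  <metadata>
    <title>Example product is vulnerable (constructed)</title>
    <reference source="CVE" ref_id="CVE-PLACEHOLDER"/>
  </metadata>
  <criteria operator="AND">
    <criterion test_ref="oval:org.example:tst:1" comment="product is installed"/>
    <criteria operator="OR">
      <criterion test_ref="oval:org.example:tst:2" comment="version predates the fix"/>
      <criterion test_ref="oval:org.example:tst:3" comment="patch is applied" negate="true"/>
    </criteria>
  </criteria>
</definition>
"""

def evaluate(node, results):
    """Evaluate a <criteria> or <criterion> node against a {test_id: bool} map."""
    tag = node.tag.split("}")[1]
    if tag == "criterion":
        value = results[node.get("test_ref")]  # KeyError if the test was never run
    else:
        children = [evaluate(c, results) for c in node
                    if c.tag.split("}")[1] in ("criteria", "criterion")]
        op = node.get("operator", "AND")       # AND when the attribute is omitted
        if op == "AND":
            value = all(children)
        elif op == "OR":
            value = any(children)
        else:
            raise ValueError(f"operator {op} is not handled in this example")
    # negate="true" inverts the result of this node
    return value != (node.get("negate", "false") in ("true", "1"))

def assess(xml_text, results):
    """Return the definition id, its CVE references and the combined verdict."""
    root = ET.fromstring(xml_text)
    refs = [r.get("ref_id") for r in root.findall("d:metadata/d:reference", NS)]
    return {"id": root.get("id"), "refs": refs,
            "vulnerable": evaluate(root.find("d:criteria", NS), results)}
```

In a real assessment tool the boolean map would be filled by running each referenced test against the host; here it is supplied by the caller.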
