MITRE Issues New Standard for Computer Vulnerability Assessment

Events
- JupiterEvents
- internet.com/webcasts
Jobs
Partners
Solutions
- eBooks
- Video
Shop

News
Trends
Tutorials
Stats
Hardware
Reviews
Unix Roundup
Hot Topics
Forum
Product Watch
Glossary

Web
Mail
Real-Time Communication
Application
FTP
Proxy
Collaboration
List
Telnet
Operating System
Server Attic

Sitemap
Contact Us
Home
Technology Jobs

More SSH-Targeted Attacks, This Time for Debian et al

Charter Officially Speaks on NebuAd

Shorter Charter: We'd Rather You Just Not Read the Privacy Advisory in the First Place

More Open Networks Today

Become a Marketplace Partner

Remote Data Backup - Fast Flexible Easy

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Partner With Us
Online Shopping
Promote Your Website
Rackmount LCD Monitor
Shop
Promotional Gifts
Desktop Computers
Free Business Cards
Disney World Tickets
Online Education
Compare Prices
Logo Design Custom
Online Universities
Cell Phones
Computer Deals

Everything Has Changed
See how Intel developed the cure for deskside help visits in this video directed by Christopher Guest of Spinal Tap fame. Click here.

Win a Laptop in the Intel Resource Center Scavenger Hunt
Scour the Internet.com Intel Resource Center for clues that spell out the name of an Intel technology. Collect the letters and, with the help of one final clue, arrange the letters to get the name of the Intel technology and you can be entered to win a Lenovo x300 laptop or an Apple iPod Touch. Start your hunt here! »

Cross-client Centrino® and Core™2 processor with vPro™ Processor Technology Technical White Paper
A deeper technical dive on how vPro usage models work on both desktop and notebook PCs. Click here.

Intel® vPro Technology ROI Estimator
Intel® Core2™ Duo and Centrino® with vPro™ Processor technology cross-client ROI estimator. Click here.

WiPro Intel® Centrino® Pro with vPro™ Processor Technology
The Benefits of Intel® Centrino® Pro Processor Technology in the Enterprise. Click here.

Workstations Products Platforms Brief
Intel’s family of workstation platforms gives you the tools to move from serial to parallel workflows and enables you to iterate through alternatives faster and innovate more. Click here.

Itanium Solutions
Learn how Itanium®-based solutions are changing the way enterprises do business. Click here.

Whitepaper: HP All-in-One Storage System with VMware ESX Server. See what happens when virtualization and network storage technologies are combined. Click here to open this PDF.

ServerWatch > News

December 16, 2002
MITRE Issues New Standard for Computer Vulnerability Assessment
By Wayne Kawamoto

The MITRE Corporation recently unveiled Open Vulnerability Assessment Language (OVAL), a new communitywide standard for identifying computer vulnerabilities on local systems.

Computer vulnerabilities are an entry points for hackers. If not fixed they can result in significant recovery expenses in the event of a compromise. A preview of OVAL was displayed at the recent SANS Network Security 2002 conference.

The OVAL effort addresses the problem of how security assessment tools check for software vulnerabilities in different ways. It builds on the Common Vulnerabilities and Exposures (CVE), a dictionary of standardized names and descriptions for publicly known information security vulnerabilities and exposures developed by MITRE in cooperation with the international security community.

The OVAL effort was initiated by MITRE, and involves representatives from a broad spectrum of industry, academia, and government organizations, including operating system and security tool vendors.

Initially, OVAL will support Windows NT 4.0, Windows 2000, and Solaris 7 and 8. Red Hat Linux is also supported in draft form.

Queries are written in SQL and can be reviewed individually by hand or incorporated into security tools. Each OVAL query is based on one or more CVE entries and uses a community-developed schema. The query development process involves the submission of draft OVAL queries to a public forum that includes system administrators, software vendors, and security analysts for review, debate, and refinement. The resulting vulnerability content, in the form of approved OVAL queries for the supported platforms, is freely available over the Internet. It is maintained by MITRE on the OVAL Web site.

Tools:

Add serverwatch.com to your favorites

Add serverwatch.com to your browser search box
IE 7 | Firefox 2.0 | Firefox 1.5.x

News Archives

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Solutions

Whitepapers and eBooks
Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape? Microsoft Article: 7.0, Microsoft's Lucky Version? Microsoft Article: Hyper-V--The Killer Feature in Windows Server 2008 Avaya Article: How to Feed Data into the Avaya Event Processor Microsoft Article: Install What You Need with Windows Server 2008 HP eBook: Putting the Green into IT Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1		Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency Avaya Article: Setting Up a SIP A/S Development Environment IBM Article: How Cool Is Your Data Center? Microsoft Article: Managing Virtual Machines with Microsoft System Center HP eBook: Storage Networking , Part 1 Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007 MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts
Intel Video: Are Multi-core Processors Here to Stay? On-Demand Webcast: Five Virtualization Trends to Watch HP Video: Page Cost Calculator Intel Video: APIs for Parallel Programming		HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2 MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits
Sun Download: Solaris 8 Migration Assistant Sybase Download: SQL Anywhere Developer Edition Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook		Red Gate Download: SQL Compare Pro 6 Iron Speed Designer Application Generator MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos
How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors IBM Article: Collaborating in the High-Performance Workplace HP Demo: StorageWorks EVA4400		Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class Microsoft How-to Article: Get Going with Silverlight and Windows Live MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES