- 1 Pivotal Container Service Packs Plenty of New Features in PKS 1.1 Update
- 2 Canonical Extends Ubuntu 18.04 LTS Linux Support to 10 Years
- 3 OpenStack Open Infrastructure Pilot Projects from A to Z
- 4 U.S. Supercomputers Lead Latest Top500 Performance Ranking
- 5 Dell EMC Enhances VxBlock, VxRail Hyperconverged Infrastructure
MITRE Issues New Standard for Computer Vulnerability Assessment
The MITRE Corporation recently unveiled Open Vulnerability Assessment Language (OVAL), a new communitywide standard for identifying computer vulnerabilities on local systems. MITRE Corp. recently presented the Open Vulnerability Assessment Language, a new standard for how computer vulnerabilities are identified on local systems. Solaris 7 is among the initial supported platforms.
Computer vulnerabilities are an entry points for hackers. If not fixed they can result in significant recovery expenses in the event of a compromise. A preview of OVAL was displayed at the recent SANS Network Security 2002 conference.
The OVAL effort addresses the problem of how security assessment tools check for software vulnerabilities in different ways. It builds on the Common Vulnerabilities and Exposures (CVE), a dictionary of standardized names and descriptions for publicly known information security vulnerabilities and exposures developed by MITRE in cooperation with the international security community.
The OVAL effort was initiated by MITRE, and involves representatives from a broad spectrum of industry, academia, and government organizations, including operating system and security tool vendors.
Initially, OVAL will support Windows NT 4.0, Windows 2000, and Solaris 7 and 8. Red Hat Linux is also supported in draft form.
Queries are written in SQL and can be reviewed individually by hand or incorporated into security tools. Each OVAL query is based on one or more CVE entries and uses a community-developed schema. The query development process involves the submission of draft OVAL queries to a public forum that includes system administrators, software vendors, and security analysts for review, debate, and refinement. The resulting vulnerability content, in the form of approved OVAL queries for the supported platforms, is freely available over the Internet. It is maintained by MITRE on the OVAL Web site.
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...