Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community. The language standardizes the three main steps of the assessment process: The repositories are collections of publicly available and open content that utilize the language.

Property Value
dbo:abstract
  • Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community. The language standardizes the three main steps of the assessment process: 1. * representing configuration information of systems for testing; 2. * analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.); and 3. * reporting the results of this assessment. The repositories are collections of publicly available and open content that utilize the language. The OVAL community has developed three schemas written in Extensible Markup Language (XML) to serve as the framework and vocabulary of the OVAL Language. These schemas correspond to the three steps of the assessment process: an OVAL System Characteristics schema for representing system information, an OVAL Definition schema for expressing a specific machine state, and an OVAL Results schema for reporting the results of an assessment. Content written in the OVAL Language is located in one of the many repositories found within the community. One such repository, known as the OVAL Repository, is hosted by The MITRE Corporation. It is the central meeting place for the OVAL Community to discuss, analyze, store, and disseminate OVAL Definitions. Each definition in the OVAL Repository determines whether a specified software vulnerability, configuration issue, program, or patch is present on a system. The information security community contributes to the development of OVAL by participating in the creation of the OVAL Language on the OVAL Developers Forum and by writing definitions for the OVAL Repository through the OVAL Community Forum. An OVAL Board consisting of representatives from a broad spectrum of industry, academia, and government organizations from around the world oversees and approves the OVAL Language and monitors the posting of the definitions hosted on the OVAL Web site. This means that the OVAL, which is funded by US-CERT at the U.S. Department of Homeland Security for the benefit of the community, reflects the insights and combined expertise of the broadest possible collection of security and system administration professionals worldwide. OVAL is used by the Security Content Automation Protocol (SCAP). (en)
  • Open Vulnerability and Assessment Language (OVAL) (открытый язык описания и оценки уязвимостей) - это международный стандарт по информационной безопасности. Он включает в себя как сам язык так и репозитории контента. OVAL стандартизует 3 основных компонента процесса оценки: представление конфигурационной информации для системы, анализ системы на предмет наличия состояний (уязвимости, обновления, конфигурации и т.п.), представление отчётов по оценке системы.Сообщество OVAL разработало 3 схемы на расширяемом языке разметки (XML) которые служат фреймворком для языка. Данные схемы соответствуют трём компонентам оценки: OVAL System Characteristics схема для представления системной информации, OVAL Definition схема отображающая текущее состояние системы и OVAL Results схема для отображения результатов оценки.OVAL является частью стандарта SCAP (Security Content Automation Protocol). (ru)
dbo:wikiPageExternalLink
dbo:wikiPageID
  • 3133750 (xsd:integer)
dbo:wikiPageRevisionID
  • 716204856 (xsd:integer)
dct:subject
http://purl.org/linguistics/gold/hypernym
rdf:type
rdfs:comment
  • Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community. The language standardizes the three main steps of the assessment process: The repositories are collections of publicly available and open content that utilize the language. (en)
  • Open Vulnerability and Assessment Language (OVAL) (открытый язык описания и оценки уязвимостей) - это международный стандарт по информационной безопасности. Он включает в себя как сам язык так и репозитории контента. OVAL стандартизует 3 основных компонента процесса оценки: представление конфигурационной информации для системы, анализ системы на предмет наличия состояний (уязвимости, обновления, конфигурации и т.п.), представление отчётов по оценке системы.Сообщество OVAL разработало 3 схемы на расширяемом языке разметки (XML) которые служат фреймворком для языка. Данные схемы соответствуют трём компонентам оценки: OVAL System Characteristics схема для представления системной информации, OVAL Definition схема отображающая текущее состояние системы и OVAL Results схема для отображения резул (ru)
rdfs:label
  • Open Vulnerability and Assessment Language (en)
  • OVAL (ru)
owl:sameAs
prov:wasDerivedFrom
foaf:isPrimaryTopicOf
is dbo:wikiPageDisambiguates of
is dbo:wikiPageRedirects of
is foaf:primaryTopic of