OVAL® International in scope and free for public use, OVAL is an information security community effort to standardize how to assess and report upon the machine state of computer systems. OVAL includes a language to encode system details, and an assortment of content repositories held throughout the community.
Tools and services that use OVAL for the three steps of system assessment — representing system information, expressing specific machine states, and reporting the results of an assessment — provide enterprises with accurate, consistent, and actionable information so they may improve their security. Use of OVAL also provides for reliable and reproducible information assurance metrics and enables interoperability and automation among security tools and services.
| OVAL in the Enterprise | |
|---|---|
|
||||||
Focus On
OVAL Version 5.10.1
Version 5.10.1 of OVAL is now available. Release highlights include adding the missing extended_name entity to the linux-def:rpmverifypackage_state; fixing the minOccurs attribute on the entities in the linux-def:rpmverifypackage_object and linux-def:rpmverifyfile_object so that they are required; and updating the schema_version entity, in the oval:GeneratorType, so that it aligns with the new three-component version identifier in the OVAL Language Versioning Policy. A complete list of changes for Version 5.10.1 is available on the Version 5.10.1 page.
Visit the OVAL Language section for additional information on this and upcoming versions.
Latest News
Version 5.10.1 of OVAL Now Available
OVAL Interpreter Updated to Version 5.10.1
OVAL Repository Updated to Version 5.10.1
Draft of OVAL Language Windows Component Data Model Specification Now Available
OVAL Board Holds Teleconference Meeting
MITRE Announces Initial "Making Security Measurable" Calendar of Events for 2012
2 New OVAL Board Members for Cisco
OVAL Repository Announces Top Contributors Awards for Q4-2011
Upcoming Events
OVAL/Making Security Measurable booth at RSA Conference 2012, February 27 - March 2
