Open Vulnerability and Assessment Language (OVAL)
Contact Us Downloads News May 15, 2008 Search
link to OVAL home page
 Community Participation

Community Participation

How to Participate

Welcome to the OVAL Community! You have joined numerous colleagues from across the international information security community who have come together to help build this growing industry initiative to standardize how to check the machine state of computer systems for the presence of software vulnerabilities, whether the configuration settings of systems meet security policies, for the presence of specific programs, and for the presence of patches.

Broad community participation in OVAL comes via the OVAL Community Forum Email List for discussing and submitting OVAL definitions, OVAL Developer's Email List for contributing to the development of the OVAL Language, OVAL Board of representatives from across the information security community, and the growing list of OVAL-Compatible Products and Services and Declarations to Be OVAL-Compatible for numerous information security products and services from around the world.

Current Forum and Developer List members actively participate in a number of different ways:

With OVAL Definitions:

  • Commenting on previously posted Draft, Interim, or Accepted OVAL definitions for any supported platforms (e.g., comments on the XML, on the issue itself, etc.) or applications
  • Discussing OVAL definitions that are in development in Forum email messages and not yet posted on the site (e.g., comments on adherence to the schema, on the XML, on the issue itself, etc.)
  • Submitting his or her own OVAL definitions for the platform, vulnerability, or configuration issue of his or her choice
  • Discussing CVE entries, configuration issues, and/or patches
  • Commenting on past discussions about OVAL definitions from the Discussion Archive

With the OVAL Language:

  • Offering comments on the OVAL Language schemas for the supported platform of his or her choice
  • Commenting on any draft OVAL Language schemas for the supported platform of his or her choice on the Developer's List
  • Commenting on past discussions about schemas from the Discussion Archive
  • Submitting new draft OVAL Language schemas directly to the OVAL Editor for currently unsupported platforms. (Email oval@mitre.org to volunteer or request more information)

Providing Technical and Other Help to the OVAL Effort:

  • Enlisting with the OVAL Editor to assist with finalizing or "pre-review" of specific OVAL definitions in his or her area of expertise that are not yet posted on the site. (Email oval@mitre.org to volunteer or request more information)
  • Assisting the OVAL Editor by providing basic, intermediate, or advanced technical help for specific OVAL definitions in his or her area of expertise or interest. (Email oval@mitre.org to volunteer or request more information)
  • Sending private comments (or information he or she doesn't wish disclosed) about technical or other issues to the OVAL Editor at oval@mitre.org
  • Joining the OVAL Community Forum email list to discuss and submit OVAL definitions
  • Joining the OVAL Developer's email list to discuss the schemas and OVAL implementation issues.

Spreading the Word about the OVAL Effort:

  • Recommending that his or her organization adopt tools that use OVAL
  • Actively encouraging his or her vendors to incorporate OVAL to support his or her organization's enterprise security requirements
  • Recommending or working with his or her organization to incorporate OVAL's standardized schemas and definition information into its tools to provide the logic that determines how the vulnerabilities, configuration issues, or patches are found
  • Working with his or her organization to incorporate or convert XML on which OVAL schemas and definitions are based into the proprietary code or language of his or her organization's products and services
  • Recommending or working with his or her organization to incorporate or convert standardized OVAL definitions information into his or her organization's security advisories and fix sites
  • Promoting the OVAL Language, OVAL Definitions, and OVAL-Compatible Products and Services to colleagues through email, in news articles, and at industry events

Forum Feedback-Tell us what you think!

You may contribute in as many different ways as you prefer. As always, active participation is important to the success of OVAL. Please send your ideas, comments, and suggestions about OVAL to oval@mitre.org.

Page Last Updated: February 09, 2008

 

OVAL is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security.

The OVAL Web site is hosted by The MITRE Corporation.

Copyright 2002-2008, The MITRE Corporation. All rights reserved. OVAL and the OVAL logo are registered trademarks of The MITRE Corporation.

Contact oval@mitre.org for more information.
Privacy policy
Terms of use