|
| Contact Us | Downloads | News — May 15, 2008 | Search |
Compatibility Questionnaire: GFI LANguard Network Security Scanner
General Capability Questions |
Accuracy Questions |
Documentation Questions |
Capability Specific Questions |
Statements
Organizational InformationName of Your Organization:GFI Software Ltd.
Web Site:Product InformationProduct/Service Name:GFI LANguard Network Security Scanner
Compatible Categories:OVAL Definition Producer (Planned)
OVAL Definition Consumer (Beta) OVAL Results Producer (Planned) OVAL Results Consumer (Planned) Product/Service Home Page:Product AccessibilityProvide a short description of how and
where your capability is made available to your customers and the public:
Product can be downloaded from our web site at http://www.gfi.com/lanss Language Version IndicationDescribe how and where the capability indicates
the version of the OVAL Language used to validate, create, or update
its content:
This point is not applicable to this product. The content is downloaded, processed, and outputted in proprietry formats by the GFI Labs. The processed content is packaged together with other updates for the product and made available on the GFI servers for downloading by clients. This was done purposely to avoid inconsistencies when OVAL decides to update its definition file schemas. To this effect what was important to end users is to understand the source of the vulnerability check (OVAL ID), description and any other information which is relevant to this reported vulnerability by OVAL or other sources (including GFI). Approach for Correction of ErrorsIndicate how a user who discovers an error in the capability's use of OVAL can report the error:
Errors, updates and inconsistencies are reported through our support email address support@gfi.com who will escalate the issue to our GFI Security Labs for review. Describe the approach to responding to the above error reports and how applicable fixes will be applied:
Once the submitted content/update details are reported, GFI Security Labs will process the report and were applicable issue an immediate update. Were applicable the reported content will be sent to the OVAL authority for updating of main source of data. Compatibility DocumentationProvide a copy, or directions to the location, of where the documentation describes OVAL and OVAL Compatibility for any customers:
NOTE: Product is still in BETA. Documentation is presently being updated to contain necessary content and explanations by release of product. Language SupportIndicate the component schemas and/or individual OVAL Tests that the capability does not support for each category of OVAL Compatibility being applied for:
---------------------------------------------- Finding Elements Using OVALProvide details regarding how users can identify and find individual OVAL content (through OVAL-IDs) that is being consumed by the capability. For example, how can a user determine which definitions have been consumed and what the result of each definition is:
The product has integrated within it a browser which allows users to analyze, browse, search as well as maintain the vulnerability checks which are created based on the OVAL content. Each check is clearly identified through the related OVAL ID. Additional information sources such as CVE ID, Security Focus ID and MS Bulletin ID (were applicable) is also provided. Direct URL links to further information from any of the above sources (were applicable) are also provided. Such information is also avaialble within the vulnerability reports and tools provided by the product. OVAL Content Importation Process ExplanationIf the capability does not support consuming OVAL content at runtime, explain the documented process by which users can submit OVAL content for interpretation by the capability, including how quickly submitted content is made available to the capability:
GFI Labs have in place a system which constantly monitors for new updates released by the OVAL authority. Once a new update is detected, GFI Labs will download, process and upload the new definitions to its update servers for downloading by the users of the product. Update frequency will depend on nature of reported content as well as update schedule of GFI. Users wanting to submit OVAL content for inclusion in the definition files distributed, are able to report content through our support and feedback lines on either support@gfi.com or feedbacklnss@gfi.com. These emails will be forwarded to the GFI Security Labs who will verify and update accordingly. Were applicable reported updates will also be forwarded to the OVAL authority for review. Statement of CompatibilityHave an authorized individual sign and date the following Compatibility Statement (required): "As an authorized representative of my organization I agree that we will abide by all of the mandatory compatibility requirements as well as all of the additional mandatory compatibility requirements that are appropriate for our specific type of capability."
Statement of AccuracyHave an authorized individual sign and date the following accuracy Statement (recommended): "As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability's use of the OVAL Language and the interpretation of the logic."
Statement on Follow-on Correctness Testing SupportHave an authorized individual sign and date the following statement about your organizations willingness to support correctness testing of other capabilities, which will be managed by the Reviewing Authority and kept to reasonable levels of effort for all involved. (required): "As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."
Page Last Updated: February 28, 2007 |
|
|||||||||||||||||||
 |
||
