OVAL® International in scope and free for public use, OVAL is an information security community effort to standardize how to assess and report upon the machine state of computer systems. OVAL includes a language to encode system details, and an assortment of content repositories held throughout the community.

Tools and services that use OVAL for the three steps of system assessment — representing system information, expressing specific machine states, and reporting the results of an assessment — provide enterprises with accurate, consistent, and actionable information so they may improve their security. Use of OVAL also provides for reliable and reproducible information assurance metrics and enables interoperability and automation among security tools and services.

OVAL in the Enterprise

Focus On

OVAL Repository Statistics

The OVAL Repository contains all community-developed OVAL Vulnerability, Compliance, Inventory, and Patch Definitions for supported operating systems. Available statistics include the following:

  • Main Landing Page Infographic – provides the grand total of OVAL Definitions contained in the Repository to-date, as well as a breakdown of definitions by top-level platform family.
  • Statistics page – provides "General Statistics" by platform family and by individual platform versions; "Top Contributors" of individuals submitting new definitions or modified existing definitions; and "Top Organizations" of organizations contributing new definitions or modified existing definitions.
  • Latest Updates – provides the latest updates to the Repository, including new OVAL Definitions, definitions that have changed status (e.g., from Draft to Interim or Interim to Accepted), and definitions that have been modified. This data is also searchable from 1-120 days.

Visit the Submit Content page.

Page Last Updated: July 09, 2014