OVAL Language

The OVAL Language standardizes the three main steps of the assessment process: representing configuration information of systems for testing; analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.); and reporting the results of the assessment. In this way, OVAL enables open and publicly available security content and standardizes the transfer of this content across the entire spectrum of information security tools and services.

Language Releases

Current and upcoming OVAL Language releases, with links to information and downloads for each, are listed below. Changes to the OVAL Language are a direct result of feedback from the OVAL community. Past versions of OVAL are available in the OVAL Archive.

Version 5.11 updates the documentation, introduces new platform extension schemas, adds additional Tests, and augments several enumeration values.

Upcoming Versions

Participate in the next version of OVAL on the OVAL Developer’s Forum:

Page Last Updated: December 18, 2014