News and Events

Subscribe to the OVAL News feed to get notifications of our latest headlines.

Information-technology Promotion Agency, Japan (IPA) Posts OVAL Adoption Questionnaire to Become Official OVAL Adopter

Information-technology Promotion Agency, Japan (IPA) achieved the second phase of the OVAL Adoption Process by submitting an OVAL Adoption Questionnaire for My JVN API.

In Phase 2 of the adoption process the organization’s completed adoption requirements evaluation questionnaire, which includes detailed technical information of how the organization has incorporated OVAL into its product or service per the current best-practice usages of OVAL as described in the "OVAL Technical Use Cases Guide," is posted on the OVAL Web site and the product is now eligible to use the Official OVAL Adopter product/service logo.

A total of 22 products to-date have been recognized as Official OVAL Adopters.

For additional information and to review the complete list of all products and services participating in the adoption program, visit the OVAL Adoption Program section.

MITRE Hosts Community Call about "OVAL for Android"

MITRE hosted an "OVAL for Android" teleconference meeting on May 6, 2013 for the OVAL Community. Discussion topics included the current status of the OVAL for Android schemas (i.e., Experimental Android Definitions Schema and Experimental Android System Characteristics Schema), use cases by examining sample content (i.e., Sample Content and Proof-of-Concept System-Characteristics Producer Android Application), and what commercial vendors may want to integrate. Meeting minutes will be posted when available.

OVAL Board Meeting Minutes Now Available

Meeting minutes for the OVAL Board teleconference meeting held on Monday, April 29, 2013, which was a follow-up to the OVAL Board Meeting held on April 8, 2013, have been posted in the Community section.

MITRE Hosting "OVAL for Android" Community Call on May 6

Since last year’s Developer Days event, the OVAL Team has been actively working to expand upon the Android schemas in the OVAL Language Sandbox as well as to develop a proof-of-concept Android application that produces the system-characteristics for an Android device. As a result, we would like to have a community conference call to provide an overview of our progress on the schemas, discuss a couple of use cases, discuss how the schemas might be used by commercial vendors, and most importantly get feedback from the community.

As noted below the conference call will be held on Monday, May 6, 2013 from 11:00 AM to 12:00 PM EST. Please reply to oval@mitre.org if you plan to attend. In order to ensure that we will have a successful call, we need to confirm attendance from a reasonable number of community members.

As always, if you have any questions or suggestions for topics of discussion related to the OVAL and Android work, please let us know and we will incorporate them into the call.

CALL DETAILS

AGENDA

• Current status of the OVAL for Android work
• Use cases by examining sample content
• What commercial vendors may want to integrate
• Any potential issues or challenges

DISCUSSION PREPARATION MATERIALS

For context on previous discussions and lower-level details about the changes to the schemas, we recommend reviewing last year’s Developer Days minutes as well as the corresponding oval-developer-list posts (see links below under RESOURCES).

Most importantly for the call, we recommend reviewing the current schemas and sample content in the OVAL Language Sandbox and considering the following questions:

Given that mobile devices are a new area for OVAL, it is very important that we hear your feedback to ensure that we arrive at a solution that is usable by the community.

RESOURCES

• Experimental Android Definitions Schema
• Experimental Android System Characteristics Schema
• Sample Content
• Proof-of-Concept System-Characteristics Producer Android Application
• OVAL and Android Community Discussions
• 2012 Developer Days Slides and Minutes

For your convenience, a calendar invite for the community call is available here:

Questions or concerns about this community conference call are welcome at oval@mitre.org.

OVAL a Main Topic of Cisco Webinar about Security Automation

OVAL Board member Cisco Systems, Inc. hosted a webinar on April 23, 2013 entitled "Security Automation Live" that included OVAL as a main discussion topic. The webinar description stated that attendees would learn about "security automation; Cisco’s machine readable content strategy; and vulnerability assessment using OVAL. Discuss how customers can use OVAL to quickly assess the effects of security vulnerabilities in Cisco IOS Software devices. Learn step-by-step instructions about how to use OVAL content with available open source tools and ask questions about these emerging technologies and standards."

The webinar sign-up page also advocated the benefits of security automation by stating: "Cisco is helping customers by adopting cutting-edge security automation standards such as the Open Vulnerability and Assessment Language (OVAL) and the Common Vulnerability Reporting Framework (CVRF)."

OVAL Board Meeting Minutes Now Available

Meeting minutes for the OVAL Board teleconference meeting held on Monday, April 8, 2013 have been posted in the Community section.

OVAL Interpreter Updated to Version 5.10.1.5

The OVAL Interpreter and its source code have been updated to Version 5.10.1.5. Specific updates to the OVAL Interpreter included adding support for the ipv6_address datatype, improving how the linux-def:rpminfo_item’s signature_keyid entity is collected, modifying the collection format for the win-def:file_item’s language entity to now be specified by the OS, and fixing some issues reported by the OVAL Community.

A detailed list of updates and fixes is available in the download bundle. See the OVAL Interpreter Page on SourceForge for the latest information.

OVAL Board Holds Teleconference Meeting

The OVAL Board held a teleconference meeting on April 8, 2013. Discussion topics included status updates on the OVAL Language, OVAL Repository, and OVAL Interpreter; a status update for the upcoming minor release OVAL Version 5.11; an OVAL IETF overview; follow-up on the face-to-face OVAL Board Meeting held at RSA 2013; and a review of Board roles/responsibilities and membership processes. Meeting minutes will be posted when available.

New OVAL Board Member

Pat Fetty of Microsoft Corporation has joined the OVAL Board. He replaces Michael Tan, who has left the Board.

MITRE Hosts OVAL Booth at InfoSec World 2013

MITRE hosted a "Strengthening Cyber Defense" booth that included OVAL at InfoSec World Conference & Expo 2013 at Walt Disney World Swan and Dolphin in Orlando, Florida, USA, on April 15-17, 2013. Attendees learned how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Visit the OVAL Calendar for information on this and other events.

OVAL Mentioned in "Automating Security Compliance & Operations to Protect Critical Infrastructure" Webinar

MITRE Senior Information Assurance Engineer Luis Nunez was a guest speaker on the topic of Industry Collaboration in a webinar entitled "Automating Security Compliance & Operations to Protect Critical Infrastructure" on April 9, 2013. Senior Director of Systems Engineering, Federal, at Juniper Networks Tim LeMaster was also a speaker, and Bob Ackerman, SIGNAL Magazine Editor-in-Chief was the moderator. The event was sponsored by Juniper Networks.

Discussion topics for the webinar included: why automation is essential to protect critical network and computing infrastructures, cost-effective strategies for improved secure information-sharing, how to start simplifying network operations, and how network automation and orchestration are essential for seamless workflow management. Open Vulnerability and Assessment Language (OVAL®) and Common Vulnerabilities and Exposures (CVE®) were also mentioned.

OVAL Repository Announces Top Contributors Awards for Q1-2013

ALTX-SOFT, G2, Inc., and SecPod Technologies received the "OVAL Repository Top Contributors Awards" for Q1-2013. The awards serve as public recognition of an organization’s support of the OVAL Repository and as an incentive to others to contribute.

Refer to the OVAL Repository Top Contributors Awards Program page for more information and a list of past recipients.

"Automating Security Compliance & Operations to Protect Critical Infrastructure" Webinar, April 9

MITRE Senior Information Assurance Engineer Luis Nunez will be a guest speaker on the topic of Industry Collaboration in a webinar entitled "Automating Security Compliance & Operations to Protect Critical Infrastructure" on April 9, 2013 from 1:00 pm - 2:00 pm, Eastern Daylight Time. Senior Director of Systems Engineering, Federal, at Juniper Networks Tim LeMaster will also be a speaker, and Bob Ackerman, SIGNAL Magazine Editor-in-Chief will be the moderator. The event is sponsored by Juniper Networks.

Discussion topics for the webinar will include: why automation is essential to protect critical network and computing infrastructures, cost-effective strategies for improved secure information-sharing, how to start simplifying network operations, and how network automation and orchestration are essential for seamless workflow management.

For more information and to register visit http://www.afcea.org/signal/webinar.

Photos from OVAL Booth at RSA 2013

MITRE hosted a "Strengthening Cyber Defense" booth that included OVAL at RSA Conference 2013 at the Moscone Center in San Francisco, California, USA, on February 25 – March 1, 2013.

Strengthening Cyber Defense booth photos:

Visit the OVAL Calendar for information on this and other events.

MITRE to Host OVAL Booth at InfoSec World 2013, April 15-17

MITRE will host a "Strengthening Cyber Defense" booth that includes OVAL at InfoSec World Conference & Expo 2013 at Walt Disney World Swan and Dolphin in Orlando, Florida, USA, on April 15-17, 2013. Attendees will learn how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Members of the OVAL Team will be in attendance. Please stop by Booth 313 and say hello!

Visit the OVAL Calendar for information on this and other events.

MITRE Hosts OVAL Booth at RSA 2013

MITRE hosted a "Strengthening Cyber Defense" booth that included OVAL at RSA Conference 2013 at the Moscone Center in San Francisco, California, USA, on February 25 – March 1, 2013.

Visit the OVAL Calendar for information on this and other events.

OVAL Board Holds Meeting at RSA 2013

The OVAL Board held an informal face-to-face meeting on February 26, 2013 at RSA Conference 2013 in San Francisco, California, USA to discuss a potential transfer of the OVAL Language to a formal standards body. Read the meeting minutes.

Draft of OVAL Version 5.11 Now Available

A Draft of Version 5.11 of the OVAL Language is now available on the OVAL Web site. Version 5.11 is scheduled to be moved to the Official stage in September 2013.

Version 5.11 is a minor version change that adds support for notes in variables; deprecates the digest_check_passed and signature_check_passed entities in the linux-def:rpmverifypackage_test; adds support for the collection of hive values in the win-def:registry_test; and includes several documentation improvements in the OVAL Language schemas and specifications.

Future draft releases of Version 5.11 will include additional changes and updates.

Additional information about Version 5.11 is available on the Version 5.11 Upcoming Version page.

OVALProject Language Repository Now Available on GitHub.com

The OVALProject Language Repository is now available on Github.com. The OVALProject Language Repository on GitHub will serve as the central location for OVAL Community members to make open-source contributions and manage issue tracking for the OVAL schemas and other supporting information and items.

The OVALProject Repositories on GitHub also include OVAL Language Sandbox, which provides a collaborative environment for the community to propose, experiment with, and fully investigate and implement new capabilities before including them in an official release to ensure that only mature and implementable constructs are added to the OVAL Language.

Please send any comments, requests, or suggestions about the OVALProject on GitHub to oval@mitre.org.

Institute for Information Industry — CyberTrust Technology Institute Posts OVAL Adoption Questionnaire to Become Official OVAL Adopter

Institute for Information Industry — CyberTrust Technology Institute achieved the second phase of the OVAL Adoption Process by submitting an OVAL Adoption Questionnaire for Crystal Security Keeper (CSK).

In Phase 2 of the adoption process the organization’s completed adoption requirements evaluation questionnaire, which includes detailed technical information of how the organization has incorporated OVAL into its product or service per the current best-practice usages of OVAL as described in the "OVAL Technical Use Cases Guide," is posted on the OVAL Web site and the product is now eligible to use the Official OVAL Adopter product/service logo.

A total of 21 products to-date have been recognized as Official OVAL Adopters.

For additional information and to review the complete list of all products and services participating in the adoption program, visit the OVAL Adoption Program section.

ATM Software sp. z o.o. Makes Declaration to Adopt OVAL

ATM Software sp. z o.o. declared that its server/software lifecycle management with OVAL repository and vulnerability assessment, ATM Information Security Workflow, will incorporate OVAL.

For additional information about this and other products using OVAL, visit the OVAL Adoption Program section.

Updated OVAL Introductory Flyer Now Available

The updated OVAL Introductory Flyer, which is a brief two-page introduction to the OVAL effort, is now available on the Documents page.

MITRE to Host OVAL Booth at RSA 2013, February 25 – March 1

MITRE is scheduled to host a "Strengthening Cyber Defense" booth that includes OVAL at RSA Conference 2013 at the Moscone Center in San Francisco, California, USA, on February 25 – March 1, 2013. Attendees will learn how OVAL and other information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Members of the OVAL Team will be in attendance. Please stop by Booth 2617 and say hello!

Visit the OVAL Calendar for information on this and other events.

"Related Efforts" Page Added to OVAL Web Site

A Related Efforts page has been added to the Community section of the OVAL Web site. The new page notes other cyber security structuring and standardization efforts that have direct relationships to OVAL.

OVAL Board Holds Teleconference Meeting

The OVAL Board held a teleconference meeting on January 14, 2013. Discussion topics included status updates on the OVAL Language, OVAL Repository, and OVAL Interpreter; release planning for upcoming minor release OVAL Version 5.11; results from the OVALDI Usage Survey; and Solaris 11 patching needs. Read the meeting minutes.

New OVAL Board Member

William Munyan of Center for Internet Security has joined the OVAL Board.

OVAL Interpreter Updated to Version 5.10.1.4

The OVAL Interpreter and its source code have been updated to Version 5.10.1.4. Specific updates to the OVAL Interpreter included adding support for the scheduling_class entity in the unix-def:process_test and unix-def:process58_test, and fixing some issues reported by the OVAL Community.

A detailed list of updates and fixes is available in the download bundle. See the OVAL Interpreter Page on SourceForge for the latest information.

New OVAL Board Member

Steven Piliero of Unified Compliance has joined the OVAL Board. He previously represented Center for Internet Security.

MITRE Announces Initial "Making Security Measurable" Calendar of Events for 2013

MITRE has announced its initial Making Security Measurable calendar of events for 2013. Details regarding MITRE’s scheduled participation at these events are noted on the OVAL Calendar page. Each listing includes the event name with URL, date of the event, location, and a description of our activity at the event.

• RSA Conference 2013, February 21-March 1, 2013
• InfoSec World Conference & Expo 2013, April 15-17, 2013
• Black Hat Briefings 2013, July 27-August 1, 2013

Other events may be added throughout the year. Visit the OVAL Calendar for information or contact oval@mitre.org to have MITRE present a briefing or participate in a panel discussion about OVAL®, CVE®, CCE™, CPE™, CEE™, CWE™, CWSS™, CAPEC™, MAEC™, CybOX™, STIX™, TAXII™, and/or Making Security Measurable at your event.

OVAL Repository Announces Top Contributors Awards for Q4-2012

ALTX-SOFT, G2, Inc., and SecPod Technologies received the "OVAL Repository Top Contributors Awards" for Q4-2012. The awards serve as public recognition of an organization’s support of the OVAL Repository and as an incentive to others to contribute.

Refer to the OVAL Repository Top Contributors Awards Program page for more information and a list of past recipients.

Page Last Updated: May 10, 2013