OVAL - News and Events

News and Events

Subscribe to the OVAL News feed to get notifications of our latest headlines.

February 3, 2012

Altx-Soft Makes Declaration to Adopt OVAL

Altx-Soft declared that its Web-based OVAL Repository Database, Altx-Soft Ovaldb, incorporates OVAL. For additional information about these and other products using OVAL, visit the OVAL Adoption Program section.

Altx-Soft Now Listed on "Other Repositories" Page

Altx-Soft is now listed on the Other Repositories page in the OVAL Repository section for its repository of OVAL content.

Visit the Other Repositories page for a complete list of all of the repositories of OVAL content held across the community.

MITRE to Host OVAL/Making Security Measurable Booth at RSA 2012, February 27 – March 2

MITRE is scheduled to host an OVAL/Making Security Measurable booth at RSA Conference 2012 at the Moscone Center in San Francisco, California, USA, on February 27 – March 2, 2012. Attendees will learn how information security data standards such as OVAL, CVE, CCE, CPE, CWE, CAPEC, MAEC, CEE, CybOX, etc., facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Members of the OVAL Team will be in attendance. Please stop by Booth 2617 and say hello!

Visit the OVAL Calendar for information on this and other events.

January 27, 2012

Version 5.10.1 of OVAL Now Available

Version 5.10.1 of OVAL has been moved to the "Official" stage and is now available on the OVAL Language page. This is an update version change, per the revised OVAL Language Versioning Policy, that fixes a critical issue discovered in Version 5.10 of the OVAL Language. The OVAL Interpreter and OVAL Repository have also been updated to Version 5.10.1.

Version 5.10.1 includes the following: updated the GeneratorType and DeprecatedInfoType to align with the new three-component version identifier in the OVAL Language Versioning Policy; added the missing extended_name entity to the linux-def:rpmverifypackage_state; and changed the minOccurs attribute on the entities in the linux-def:rpmverifypackage_object and linux-def:rpmverifyfile_object from "0" to "1".

The previous versions of OVAL have been archived. Visit the OVAL Language Releases page for the latest information on Version 5.10.1.

OVAL Interpreter Updated for Version 5.10.1

The OVAL Interpreter and its source code have been updated to OVAL Version 5.10.1. Specific updates to the OVAL Interpreter included: addition of support for Version 5.10.1 of the OVAL Language and fixing some minor issues reported by the OVAL Community.

The list of updates and fixes is also available in the download bundle. See the OVAL Interpreter Page on SourceForge for the latest release and to review the terms of use.

OVAL Repository Updated for Version 5.10.1

The OVAL Repository has been updated to OVAL Version 5.10.1. The OVAL Repository contains all community-developed OVAL Vulnerability, Compliance, Inventory, and Patch Definitions for supported operating systems. Definitions are free to use and implement in information security products and services, per the Terms of Use.

Draft of OVAL Language Windows Component Data Model Specification Now Available

A working draft of the OVAL Language Windows Component Data Model Specification document is now available for community review and comment on the OVAL Version 5.10.1 page in the OVAL Language section. The specification is the platform-specific extension of the OVAL Language Data Model for the Microsoft Windows operating systems.

Please submit comments or questions about the current draft directly to the OVAL Developer’s Forum email list.

January 17, 2012

Release Candidate 2 of OVAL Version 5.10.1 Now Available

Release Candidate 2 of Version 5.10.1 of the OVAL Language is now available on the OVAL Web site. Version 5.10.1 is scheduled to be moved to the Official stage on January 20, 2012. This is an update version change, per the revised OVAL Language Versioning Policy, that fixes a critical issue discovered in Version 5.10 of the OVAL Language.

Additional information about Version 5.10.1 is available on the Version 5.10.1 Upcoming Version page.

OVAL Board Holds Teleconference Meeting

The OVAL Board held a teleconference meeting on January 9, 2012. Discussion topics included status updates on the OVAL Language, OVAL Repository, and OVAL Adoption; the update version release of OVAL 5.10.1; the updated Versioning Policy document; OVAL Interpreter; and the OVAL Language Sandbox proposal. Read the meeting minutes.

January 5, 2012

MITRE Announces Initial "Making Security Measurable" Calendar of Events for 2012

MITRE has announced its initial Making Security Measurable calendar of events for 2012. Details regarding MITRE’s scheduled participation at these events are noted on the OVAL Calendar page. Each listing includes the event name with URL, date of the event, location, and a description of our activity at the event.

RSA Conference 2012, February 27-March 2, 2012
InfoSec World Conference & Expo 2012, April 2-4, 2012
Black Hat Briefings 2012, July 25-26, 2012
Information Assurance Expo 2012, August 27-30, 2012
Black Hat Briefings 2012, November 1-2, 2012

Other events may be added throughout the year. Visit the OVAL Calendar for information or contact oval@mitre.org to have MITRE present a briefing or participate in a panel discussion about OVAL, CVE, CCE, CPE, CAPEC, CybOX , CWE, MAEC, CEE, Software Assurance, and/or Making Security Measurable at your event.

Two New OVAL Board Members

Anthony Busciglio and Omar Santos of Cisco Systems, Inc. have joined the OVAL Board.

OVAL Repository Announces Top Contributors Awards for Q4-2011

Depository Trust & Clearing Corporation (DTCC), G2, Inc., SecPod Technologies, and Symantec Corporation received the "OVAL Repository Top Contributors Awards" for Q4-2011. The awards serve as public recognition of an organization’s support of the OVAL Repository and as an incentive to others to contribute.

Refer to the OVAL Repository Top Contributors Awards Program page for more information and a list of past recipients.

December 29, 2011

Release Candidate 1 of OVAL Version 5.10.1 Now Available

Release Candidate 1 of Version 5.10.1 of the OVAL Language is now available on the OVAL Web site. Version 5.10.1 is scheduled to be moved to the Official stage on January 13, 2012. This is an update version change, per the revised OVAL Language Versioning Policy, that fixes a critical issue discovered in Version 5.10 of the OVAL Language.

Additional information about Version 5.10.1 is available on the Version 5.10.1 Upcoming Version page.

December 15, 2011

Draft of OVAL Version 5.10.1 Now Available

A Draft of Version 5.10.1 of the OVAL Language is now available on the OVAL Web site. Version 5.10.1 is scheduled to be moved to the Official stage on January 13, 2012.

Version 5.10.1 is an update version change that fixes a critical issue discovered in Version 5.10 of the OVAL Language, per the new "OVAL Language Versioning Policy" document. Version 5.10.1 adds the missing extended_name entity to the linux-def:rpmverifypackage_state and fixes the minOccurs attribute on the entities in the linux-def:rpmverifypackage_object and linux-def:rpmverifyfile_object so that they are required. Finally, this draft includes an update to the schema_version entity, in the oval:GeneratorType, so that it aligns with the new three-component version identifier in the updated OVAL Language Versioning Policy.

Additional information about Version 5.10.1 is available on the Version 5.10.1 Upcoming Version page.

OVAL Language Versioning Policy Updated

The "OVAL Language Versioning Policy" document has been updated. The new policy describes that there are now three different types of releases: Major, Minor, and Update; it also explains the new version identifier format of MAJOR.MINOR.UPDATE (e.g., Version 5.10.1). By allowing update releases to the most recent version of the OVAL Language, such as the upcoming update of the current official version of the OVAL Language from Version 5.10 to Version 5.10.1 on January 13, 2012, fixes and other important updates to the language can be made available to the public as quickly as possible.

December 1, 2011

OVAL Test Content Downloads Moved to SourceForge.net

The OVAL Test Content downloads will now be hosted on the SourceForge.net Web site at http://sourceforge.net/projects/ovaltestcontent/. The transition was made to provide better access to the OVAL Test Content downloads and related documentation, as well as public access to bug tracking and feature request tracking for the test content.

The OVAL Test Content Page on SourceForge includes the following:

SVN Repository File Review/Downloads
Bug and Feature Request Tracking
Wiki
Help Forum

The OVAL Test Content page on the OVAL Web site will now point visitors to the new location for file distribution. Please send any comments or concerns to oval@mitre.org.

Page Last Updated: February 03, 2012