OVAL Language

The OVAL Language standardizes the three main steps of the assessment process: representing configuration information of systems for testing; analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.); and reporting the results of the assessment. In this way, OVAL enables open and publicly available security content and standardizes the transfer of this content across the entire spectrum of information security tools and services.

Language Releases

Current and upcoming OVAL Language releases, with links to information and downloads for each, are listed below. Changes to the OVAL Language are a direct result of feedback from the OVAL community. Past versions of OVAL are available in the OVAL Archive.

Version 5.11.1 fixes three critical bugs in the Core schemas and addresses multiple platform Schematron issues affecting the Core. The schema_version element received improved documentation while the NotesType fixes backwards incompatibility between 5.11 and earlier. Documentation fixes were supplied for the GlobToRegex OVAL Function. Several platforms were updated in conjunction with this release.

Upcoming Versions

Participate in the next version of OVAL on the OVAL Developer’s Forum:

Page Last Updated: April 22, 2015