Name of Your Organization:

ToolsWatch.org

Web Site:

https://www.toolswatch.org

Adopting Capability:

vFeed API and Vulnerability Database Community

Capability home page:

https://github.com/toolswatch/vFeed

General Capability Questions

Adoption Capabilities

If the functionality is available now, indicate "Yes." If it has been implemented but not released, indicate "Beta". If planned but not currently available, indicate "Planned". If there are no plans for a specific category, that section is not included as part of the questionnaire below.

OVAL Systems Characteristics Producer — Planned
OVAL Definition Repository — Yes
OVAL Results Consumer — Planned

Product Accessibility <AR_1.9>

Provide a short description of how and where your capability is made available to your customers and the public.

vFeed provides a fully aggregated, cross-linked and standardized vulnerability database built on CVE and cross-referenced to other standards such as OVAL, CWE, CPE and CAPEC. vFeed ships as a Python API and an SQLite vulnerability database, both downloadable from GitHub. Once the Python API is installed, customers run a simple update to retrieve the full SQLite vFeed vulnerability database. From the command line, users can list the OVAL IDs related to a CVE with the following syntax:

python vfeedcli.py get_oval CVE-2014-0160

The results show the following:

SNIP
-------
[oval_id]: oval:org.mitre.oval:def:24718
[oval_title]: RHSA-2014:0376: openssl security update (Important)
[oval_class]: patch
[oval_file]: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:24718
-------
[oval_id]: oval:org.mitre.oval:def:24241
[oval_title]: The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read
[oval_class]: vulnerability
[oval_file]: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:24241
-------
SNIP
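A consumer of this output normally wants it as structured records rather than screen text, and wants the IDs checked before they are fed into an OVAL interpreter or a ticketing system. The script below is an added example, not part of vFeed or of this questionnaire: it parses the get_oval record format shown above, validates each oval_id against the OVAL 5.x definition-ID pattern (oval:<namespace>:def:<positive integer>), cross-checks that the getDef link points at the same ID, and groups IDs by OVAL class. The sample text is constructed from the two records above; the function names, the SEPARATOR/FIELD regexes and the "CLI prints one field per line" layout are assumptions of this example.

```python
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample mirroring the two records shown for
# `python vfeedcli.py get_oval CVE-2014-0160` (one [field]: per line,
# dashed separator between definitions). Not captured from a live run.
SAMPLE_OUTPUT = """\
-------
[oval_id]: oval:org.mitre.oval:def:24718
[oval_title]: RHSA-2014:0376: openssl security update (Important)
[oval_class]: patch
[oval_file]: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:24718
-------
[oval_id]: oval:org.mitre.oval:def:24241
[oval_title]: The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read
[oval_class]: vulnerability
[oval_file]: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:24241
-------
"""

# OVAL 5.x definition-ID pattern: oval:<namespace>:def:<positive integer>
OVAL_DEF_ID = re.compile(r"^oval:[A-Za-z0-9_.\-]+:def:[1-9][0-9]*$")
# One "[key]: value" field; the value runs to the next "[key]:" or end of chunk.
FIELD = re.compile(r"\[(\w+)\]:\s*(.*?)(?=\s*\[\w+\]:|\s*\Z)", re.DOTALL)
# Dashed separator line between definitions (assumed CLI convention).
SEPARATOR = re.compile(r"^-{3,}[ \t]*$", re.MULTILINE)
REQUIRED = ("oval_id", "oval_title", "oval_class", "oval_file")


def parse_get_oval(text):
    """Parse get_oval output into a list of dicts, one per OVAL definition.

    Raises ValueError on a malformed record so that a downstream consumer
    never silently accepts an ID that is not a valid OVAL definition ID.
    """
    records = []
    for chunk in SEPARATOR.split(text):
        fields = {key: value.strip() for key, value in FIELD.findall(chunk)}
        if not fields:
            continue  # blank text between separators, or SNIP markers
        missing = [k for k in REQUIRED if k not in fields]
        if missing:
            raise ValueError("record missing fields: %s" % ", ".join(missing))
        if not OVAL_DEF_ID.match(fields["oval_id"]):
            raise ValueError("not an OVAL definition id: %r" % fields["oval_id"])
        # The getDef link must reference the same definition as oval_id.
        linked = parse_qs(urlparse(fields["oval_file"]).query).get("id", [None])[0]
        if linked != fields["oval_id"]:
            raise ValueError("oval_file id %r != oval_id %r" % (linked, fields["oval_id"]))
        records.append(fields)
    return records


def ids_by_class(records):
    """Group definition IDs by OVAL class, e.g. 'patch' vs 'vulnerability'."""
    grouped = {}
    for rec in records:
        grouped.setdefault(rec["oval_class"], []).append(rec["oval_id"])
    return grouped


if __name__ == "__main__":
    for cls, ids in sorted(ids_by_class(parse_get_oval(SAMPLE_OUTPUT)).items()):
        print(cls, ids)
```

The class split matters in practice: a "patch" definition (here the RHSA advisory) tests whether the vendor fix is installed, while a "vulnerability" definition tests whether the flaw is present, so the two answer different questions when evaluated on a host.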

Language Version Indication <AR_1.10>

Describe how and where the capability indicates the version of the OVAL Language used to validate, create, or update its content.

vFeed mirrors OVAL IDs from the latest official full OVAL Repository export, which uses OVAL Language version 5.10.

Capability Correctness Questions

Error Reporting <AR_2.1>

Indicate how a user who discovers an error in the capability’s use of OVAL can report the error.

Errors and bugs are reported through the official vFeed GitHub issue tracker at https://github.com/toolswatch/vFeed/issues, or by contacting the main developer via the Twitter account @toolswatch.

Responding to Error Reports <AR_2.2>

Describe the approach to responding to the above error reports and how applicable fixes will be applied.

All reported errors and issues are investigated and reproduced to evaluate their importance. In most cases the vFeed vulnerability database is updated to fix the issue; where necessary, the vFeed API is also updated to reflect major changes.

Documentation Questions

Adoption Documentation <AR_3.1>

Provide a copy, or directions to the location, of where the documentation describes OVAL and OVAL Adoption for any customers.

https://github.com/toolswatch/vFeed/wiki/1-vFeed-Framework-Concept

Language Support <AR_3.2>

List each supported component schema and specific OVAL Tests in those component schemas that are supported. (AR_3.2)

independent-definitions-schema.xsd

  • all tests supported

linux-definitions-schema.xsd

  • all tests supported

unix-definitions-schema.xsd

  • all tests supported

windows-definitions-schema.xsd

  • all tests supported

List any core constructs defined in the OVAL Language that are not supported. (AR_3.2)

  • All core constructs are supported.

OVAL Assessment Method<AR_3.3>

List each supported assessment method if applicable. (AR_3.3)

OVAL Content Error Reporting <AR_3.4>

Provide a copy, or directions to the location, of where the documentation describes the procedure by which errors in OVAL content may be reported for any OVAL content that is produced by the product.

All errors and issues regarding OVAL are reported through the main vFeed GitHub page https://github.com/toolswatch/vFeed/issues.

Content Validity Questions

Syntax Error Detection and Reporting <AR_4.1> <AR_4.2> <AR_4.3> <AR_4.4>

Indicate how the product or repository detects and reports syntax errors in any OVAL content that is consumed by the product or repository.

All errors and issues regarding OVAL are reported through the main vFeed GitHub page https://github.com/toolswatch/vFeed/issues.

Definition Evaluator Capability Questions

Content Transparency <AR_8.1> <AR_8.2>

Indicate how the product allows users to determine which OVAL Definitions are being evaluated and examine the details of those definitions.

N/A

Content Import Process Explanation <AR_8.3>

If the capability does not support consuming OVAL content at runtime, explain the documented process by which users can submit OVAL content for interpretation by the capability, including how quickly submitted content is made available to the capability.

N/A

Content Evaluation <AR_8.4> <AR_8.5> <AR_8.6> <AR_8.7>

Indicate how users can review the detailed results of evaluating an OVAL Definition on a target system.

N/A

Full OVAL Results <AR_8.8>

Indicate how users can review the full OVAL Results of the evaluation of an OVAL Definition on a target system.

N/A

Results Consumer Capability Questions

Examine Imported Content <AR_9.1> <AR_9.2>

Indicate how users can review OVAL Results that are imported into the product and explain how users can determine which system a particular set of results applies to.

N/A

Content Import Process Explanation <AR_9.3>

If the capability does not support consuming OVAL content at runtime, explain the documented process by which users can submit OVAL content for interpretation by the capability, including how quickly submitted content is made available to the capability.

N/A

Systems Characteristics Producer Capability Questions

Collecting System Data <AR_5.2> <AR_5.3>

Explain the criteria used to collect system data that is included in an OVAL System Characteristics document.

N/A

Content Export <AR_5.2> <AR_5.3>

Indicate how the product allows users to export OVAL System Characteristics documents.

N/A

Adoption Signature

Questions for Signature

Statement of Adoption <AR_1.2>

"As an authorized representative of my organization I agree that we will abide by all of the mandatory adoption requirements as well as all of the additional mandatory adoption requirements that are appropriate for our specific type of capability."

NAME: Nabil Joseph OUCHN
TITLE: Founder / Developer

Statement of Accuracy <AR_1.2>

"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability’s use of the OVAL Language and the interpretation of the logic."

NAME: Nabil Joseph OUCHN
TITLE: Founder / Developer

Statement on Follow-On Correctness Testing Support <AR_1.7>

"As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."

NAME: Nabil Joseph OUCHN
TITLE: Founder / Developer


Page Last Updated: July 09, 2015