Industry News Coverage - 2006 Archive

Below is a comprehensive monthly review of the news and other media's coverage of OVAL. A brief summary of each news item is listed with its title, author (if identified), date, and media source.

December 2006

Secure-Elements.com, December 5, 2006

OVAL was mentioned in a December 5, 2006 news release from Secure-Elements, Inc. entitled "Secure Elements Contributes Compliance Content for Microsoft Windows Vista to the Community". OVAL is mentioned as follows: "Secure Elements solution, the C5 security & compliance platform, is the only product that natively supports XML standards (OVAL 5.0 and XCCDF) for compliance and vulnerability management. With support from the National Institute of Standards and Technology, these standards provide the IT industry the basis for security compliance benchmarks and assessments."

Secure Elements, Inc. is a member of the OVAL Board and its C5 EVM product is listed in the OVAL-Compatible Products and Services section.

September 2006

ThreatGuard.com, September 19, 2006

OVAL was included in a September 19, 2006 news release from ThreatGuard, Inc. entitled "ThreatGuard Releases FISMA Scout Compliance & Remediation System." The main focus of the release is ThreatGuard's FISMA Scout compliance and remediation system that consumes "… the automated checklist content from the National Institute of Standards and Technology (NIST) and perform[s] compliance assessments, remediation activities, and scoring." In addition to being included throughout the list of the product's features, OVAL is mentioned in a quote by ThreatGuard's Chief Technology Officer Randal Taylor, who states: "NIST's adoption of XCCDF and OVAL for their checklist content dramatically shifts the industry in a way that is good for the end-user. We are very excited to release FISMA Scout." ThreatGuard's FISMA Scout is free to download.

ThreatGuard, Inc. is a member of the OVAL Board and its ThreatGuard 4.5, ThreatGuard OEM Integration Kit 1.0, ThreatGuard On Demand 1.0, and ThreatGuard Traveler 4.5 products are listed in the OVAL-Compatible Products and Services section.

Secure-Elements.com, September 19, 2006

OVAL was included in a September 19, 2006 news release from Secure-Elements, Inc. entitled "Secure Elements Announces Public Service License." The main focus of the release is Secure Elements' announcement that they now offer "a zero-cost Public Service License to approved organizations public sector and non-profit public service entities." OVAL is mentioned in a description of their C5 EVM product, which is "built upon several key XML Standards: Open Vulnerability Assessment Language (OVAL 5.0), and the eXtensible Configuration Checklist Description Format (XCCDF) as promoted by the Department of Homeland Security (DHS), the National Security Agency (NSA), the National Institute of Standards and Technology (NIST), the Defense Information Systems Agency (DISA), and others. In response to the Cyber Security Research and Development Act of 2002, NIST developed the Security Configuration Checklists Program for IT Products, for which they are now publishing checklists in the XCCDF format."

Secure Elements, Inc. is a member of the OVAL Board and its C5 EVM product is listed in the OVAL-Compatible Products and Services section.

July 2006

Healthcare Informatics Online, July 2006

OVAL was mentioned in an article entitled "The 411 on CVE" in the July 2006 issue of Healthcare Informatics Online. The main focus of the article is the success of the Common Vulnerabilities and Exposures (CVE) standard and of the U.S. National Vulnerability Database (NVD) that is built upon CVE identifiers and includes OVAL-IDs as references.

OVAL is mentioned with regard to "automated compliance checking and configuration … [that] could be accomplished using OVAL (Open Vulnerability and Assessment Language) — also being developed by MITRE and XCCDF (Extensible Configuration Checklist Description Format) — the XML-based checklist technology developed by NIST and the National Security Agency." OVAL is mentioned again when the author states: "the Department of Defense has taken the formal step of requiring that information assurance vendors supply CVE- and OVAL-capable products, and MITRE engineers have outlined the way these technologies would interact with XCCDF in automated machine-to-machine vulnerability mitigation operations."

The article was written by Gary Goth. OVAL, CVE, and NVD are sponsored by the U.S. Department of Homeland Security.

InfoWorld Magazine, July 7, 2006

OVAL was mentioned in a product review entitled "Kace offers IT automation sized right for SMBs" in the July 7, 2006 issue of InfoWorld. OVAL is mentioned when the author states: "On the vulnerability testing front, KBOX supports OVAL (Open Vulnerability and Assessment Language), [an aspect of which is] a common vulnerability assessment infrastructure also found in offerings from the SEM heavyweights. This common description language for security events standardizes the assessment process, and it's nice to see it in an SMB appliance."

KACE Networks, Inc. and its KBOX IT Management Suite are listed on the OVAL-Compatible Products and Services page. The article was written by Brian Chee.

June 2006

Red Hat, Inc. News Release, June 21, 2006

Red Hat, Inc. issued a news release on June 21, 2006 entitled "Red Hat Announces OVAL Security Compatibility." The release announces that its Red Hat Enterprise Linux 3 and 4 security advisories are officially OVAL-Compatible and that "Red Hat will now produce and support OVAL patch definitions to provide a structured and machine-readable version of advisories, allowing OVAL-compatible tools to accurately test for the presence of vulnerabilities."

The release also includes a quote from OVAL Board member and Red Hat Security Response Team Lead Mark J. Cox, who states: "As a founding member of the OVAL Board, we've been working with the MITRE Corporation on OVAL for many years. Just as the MITRE CVE project has become common for dealing with vulnerability patches, we expect the same rapid adoption for the OVAL project. This initiative forms part of our commitment to make the deployment of security ubiquitous through the use of industry-wide standards."

Red Hat is a founding member of the OVAL Board and its Red Hat Errata security advisories are listed on the Other Repositories and OVAL-Compatible Products and Services pages.

IEEE Distributed Systems Online, June 2006

OVAL was mentioned in an article about security standards efforts entitled "Functionality Meets Terminology to Address Network Security Vulnerabilities" in the June 2006 issue of IEEE Distributed Systems Online. The main focus of the article is the success of the Common Vulnerabilities and Exposures (CVE) standard and of the U.S. National Vulnerability Database (NVD), which is built upon CVE identifiers and includes OVAL-IDs as references.

OVAL is mentioned in a section entitled "New efforts round out the landscape" as a follow-on standards effort that "standardizes vulnerability queries in a three step XML-based process that eliminates the time-consuming and mistake-laden need for network administrators to interpret a panoply of text-based information from various vendors, public agencies, and consultants." The article concludes with a quote by OVAL Compatibility Program Lead Robert A. Martin who comments on the purpose behind these other information security standards efforts: "People are so used to selecting the vendor and that's kind of the core they build out from. What we want them to do is get married to enabling standards and then build around that."

The article was written by Gary Goth. OVAL, CVE, and NVD are sponsored by the U.S. Department of Homeland Security.

February 2006

KACE Networks, Inc. Web Site, February 15, 2006

KACE Networks, Inc. issued a news release on February 15, 2006 entitled "KACE Awarded Certificate of OVAL Compatibility for Automated Security Auditing For Mid-Market Networks." The release announces KACE's receipt of an official Certificate of OVAL Compatibility at RSA Conference 2006 on February 14th for its KBOX IT Management Suite. The release also describes what OVAL is and notes that it is sponsored by the U.S. Computer Emergency Readiness Team (US-CERT) at the U.S. Department of Homeland Security. It also includes a quote by Rob Meinhardt, CEO of KACE, who states: "OVAL is rapidly gaining widespread adoption in the industry because it helps IT organizations deal with the very real security and productivity threats that have escalated dramatically in the last five years. The KBOX is the easiest way for Windows administrators to manage security threats today and we're committed to working with standards like OVAL to ensure that Windows security can be managed easily in the future."

BigFix, Inc. Web Site, February 1, 2006

OVAL was mentioned in the "Product and Technology Advances" section of a February 1, 2006 news release by BigFix, Inc. entitled "BigFix Accelerates Business Momentum in Fourth Quarter and 2005 Overall." OVAL was mentioned as follows: "[BigFix] announced support for important industry standards in 2005, including Cisco NAC, Common Vulnerability Exposures (CVE) compatibility certification, Common Vulnerability Scoring System (CVSS), Open Vulnerability [and] Assessment Language (OVAL), SANS Institute best practices, and US Common Criteria. Expanding standards support enhances customer value of the BigFix solutions by providing consolidated integration and expedited use of vulnerability intelligence information from multiple sources."

MITRE Digest, February 2006

OVAL and CVE were the main topics of a February 2006 MITRE Digest article on the MITRE Corporation Web site entitled "Information Assurance Industry Uses CVE and OVAL to Identify Vulnerabilities." The article describes how "as the number of software vulnerabilities continues to increase, MITRE's CVE and OVAL initiatives are becoming standards in the information assurance industry." The article further describes how the growing list of CVE names "ensures enhanced interoperability and security for enterprises" and describes how "OVAL identifies vulnerabilities and configuration issues."

The article concludes with a section on how "MITRE is leveraging the CVE and OVAL Initiatives to help the [U.S.] Department of Defense (DoD) transform its enterprise incident and remediation management efforts" and how "as a result, the DoD will be fundamentally changing the way it deals with vulnerabilities and configuration issues in the commercial and open source components of its infrastructure and mission systems." The article was written by David Van Cleave.

January 2006

SC Magazine, January 20, 2006

OVAL was mentioned in an opinion article entitled "Innovation Still Exists" in the January 20, 2006 issue of SC Magazine. OVAL is mentioned as one of the projects the author was most impressed with at the 32nd Annual CSI Computer Security Conference: "Next stop was MITRE's [CVE/OVAL/CME] booth. I've been a fan of CVE for as long as it's been in existence. Their big news is OVAL (Open Vulnerability and Assessment Language). This is an extremely cool way to manage vulnerabilities and vulnerability assessments. Again, my team is working with this and merging it with ProDiscover IR using ProScript to do automated host-based vulnerability assessment as part of incident response." The article was written by Peter Stephenson of Norwich University.


Page Last Updated: February 28, 2007