Industry News Coverage - 2008 Archive
Below is a comprehensive monthly review of the news and other media’s coverage of OVAL. A brief summary of each news item is listed with its title, author (if identified), date, and media source.
MITRE Web Site, December 4, 2008
OVAL was mentioned in a December 1, 2008 MITRE news release entitled "MITRE Releases New Security Software" about its new, open source "Recommendation Tracker" software that "facilitates development of automated security benchmarks." "System administrators use benchmarks — essentially a set of recommendations — to securely configure an operating system or software application and then set up automatic testing to ensure proper configuration."
OVAL is mentioned when the release notes that Recommendation Tracker is "the latest tool developed by MITRE in the last 10 years to help the security community produce automated, standardized benchmarks" and that four MITRE-run information security data standards — OVAL, CCE, CPE, and CVE — are among the six existing standards used in the U.S. National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol (SCAP) to enable automated vulnerability management, measurement, and policy compliance evaluation.
Secure Elements Web Site, April 30, 2008
OVAL was the main topic of an April 30, 2008 news release by Secure Elements, Inc. entitled "Secure Elements Receives OVAL Repository Top Contributor Award for Advancing Open Information Security Content Standard."
The release explains OVAL and the OVAL Repository and includes a quote by OVAL Program Lead Jon Baker, who states: "The OVAL Repository Top Contributor Award is reserved for organizations that assist in making the OVAL Repository a gold standard for open information security content. Secure Elements is recognized today for their invaluable content submissions of new definitions and enhancements to existing Repository content."
The release also includes a quote by Secure Elements’ Chief Security Architect Scott Carpenter, who states: "Secure Elements is proud to support the OVAL community by offering our expertise to accelerate availability of vulnerability checks during the monthly Patch Tuesday exercise. This recognition reflects our commitment to author and contribute to industry leading, publicly available security content initiatives such as the OVAL Repository and for the NIST Information Security Automation Program (ISAP), where we have contributed content for auditing the Federal Desktop Core Configuration (FDCC) for Microsoft Windows XP and Windows Vista. As the first and only vendor that has become NIST SCAP Validated for providing a Vulnerability Database, Secure Elements is recognized as the authoritative "go to" source for content, products, and services during this time of critical federal cyber-initiatives."
Secure Elements, Inc. is a member of the OVAL Board and its C5 Compliance Platform Version 3.0 is listed on the OVAL Web site as "Officially OVAL-Compatible."
Government Computer News, March 3, 2008
OVAL was mentioned in a March 3, 2008 article entitled "SCAP narrows security gap" in Government Computer News. The main topic of the article is the U.S. National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol (SCAP) program, which is "a suite of tools to help automate vulnerability management and evaluate compliance with federal information technology security requirements."
OVAL is mentioned as one of the "more mature standards" of the six SCAP includes: "Open Vulnerability and Assessment Language, also from Mitre, a standard Extensible Markup Language for security testing procedures and reporting."
Three of the other standards the author references as mature are Common Vulnerabilities and Exposures (CVE), a dictionary of standard identifiers for security vulnerabilities related to software flaws; Extensible Configuration Checklist Description Format (XCCDF), a standard for specifying checklists and reporting results; and Common Vulnerability Scoring System (CVSS), a standard for conveying and scoring the impact of vulnerabilities. The author also notes the two "less mature" standards SCAP uses: Common Configuration Enumeration (CCE), standard identifiers and a dictionary for system security configuration issues; and Common Platform Enumeration (CPE), standard identifiers and a dictionary for platform and product naming.
SCAP is an expansion of NIST’s U.S. National Vulnerability Database (NVD) that is based upon the CVE List, and NVD, CVE, and OVAL are all sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. The article was written by William Jackson.
eWeek Magazine, January 13, 2008
OVAL was mentioned in a January 13, 2008 article entitled "PC Lockdown in the Government and Beyond" in eWeek Magazine. The main topic of the article is the U.S. Office of Management and Budget (OMB)-mandated Federal Desktop Core Configuration (FDCC) for Windows XP and Vista.
OVAL is mentioned when the author states: "The [U.S. National Institute of Standards and Technology (NIST)]-developed [Security Content Automation Program (SCAP)] is the technical glue holding the FDCC effort together. SCAP content is security checklist data that is communicated in XML formats and provides data about vulnerability, configuration, compliance and asset information in Extensible Configuration Checklist Description Format and Open Vulnerability and Assessment Language."
Page Last Updated: February 03, 2009
