News and Events - 2013 Archive

OVAL News RSS Feed Subscribe to the OVAL News feed to get notifications of our latest headlines.

December 13, 2013

"OVAL Authoring Style Checker" Document Updated

The updated OVAL Authoring Style Checker document, which is a set of Schematron rules developed to check OVAL Definitions for compliance with the OVAL Repository Style Guide, is now available in the OVAL Repository section of the OVAL Web site.

Please send any feedback on the updated document to the OVAL Repository Forum, or directly to oval@mitre.org.

OVAL Board Holds Teleconference Meeting

The OVAL Board held a teleconference meeting on December 9, 2013. Discussion topics included Board voting processes and process improvements for the OVAL Language Sandbox. Read the meeting minutes.

Back to top
November 21, 2013

New OVAL Board Member

David Solin of jOVAL.org has joined the OVAL Board.

New OVAL Board Member

Jamie Cromer of Symantec Corporation has joined the OVAL Board.

New OVAL Board Member

Jack Vander Pol of SPAWAR, U.S. Navy has joined the OVAL Board.

OVAL Test Content Downloads Moved to GitHub.com

The OVAL Test Content downloads will now be hosted on the GitHub.com Web site at https://github.com/OVALProject/Test-Content. The transition was made to provide better access to the OVAL Test Content downloads and related documentation, as well as better public access to bug tracking and feature request tracking for the test content.

The OVAL Test Content page on GitHub includes the following:

  • GitHub Repository File Review/Downloads
  • Bug and Feature Request Tracking
  • Wiki

The OVAL Test Content page on the OVAL Web site will now point visitors to the new location for file distribution. Please send any comments or concerns to oval@mitre.org.

Back to top
October 25, 2013

Three New OVAL Board Process Documents Now Available

Three new process documents have been added to the OVAL Board page in the Community section: "OVAL Board Member Roles, Tasks, Qualifications, and Authority," "OVAL Board Voting Process," and "Processes for Adding, Transferring, and Removing OVAL Board Members."

OVAL Board Meeting Minutes Now Available

Meeting minutes for the OVAL Board teleconference meeting held on Monday, October 7, 2013 have been posted in the Community section.

Back to top
October 3, 2013

OVAL Repository Announces Top Contributors Awards for Q3-2013

ALTX-SOFT, G2, Inc., and SecPod Technologies received the "OVAL Repository Top Contributors Awards" for Q3-2013. The awards serve as public recognition of an organization’s support of the OVAL Repository and as an incentive to others to contribute.

Refer to the OVAL Repository Top Contributors Awards Program page for more information and a list of past recipients.

Meeting Minutes from Developer Days 2013 Now Available

Meeting minutes from the OVAL sessions at Developer Days 2013 held on July 22-24, 2013 at MITRE Corporation in McLean, Virginia, USA are now available in the OVAL Community section.

Back to top
September 25, 2013

Draft 2 of OVAL Version 5.11 Now Available

Draft 2 of Version 5.11 of the OVAL Language is now available on the OVAL Web site.

Version 5.11 is a minor version change that adds support for the last login time in the win-def:user_sid55_test; adds support for four new registry value types in the win-def:registry_test; adds support for the operator attribute on the oval-def:PossibleRestrictionType; and includes numerous documentation improvements in the OVAL Language schemas and specifications including the ipv4_address and ipv6_address datatypes and operations.

Future draft releases of Version 5.11 will include additional changes and updates.

Additional information about Version 5.11 is available on the Version 5.11 Upcoming Version page.

Beyond Security Posts OVAL Adoption Questionnaire to Become Official OVAL Adopter

OVAL Adopter Beyond Security Ltd. achieved the second phase of the OVAL Adoption Process by submitting an OVAL Adoption Questionnaire for AVDS.

In Phase 2 of the adoption process the organization's completed adoption requirements evaluation questionnaire, which includes detailed technical information of how the organization has incorporated OVAL into its product or service per the current best-practice usages of OVAL as described in the "OVAL Technical Use Cases Guide," is posted on the OVAL Web site and the product is now eligible to use the Official OVAL Adopter product/service logo.

A total of 25 products to-date have been recognized as Official OVAL Adopters.

For additional information and to review the complete list of all products and services participating in the adoption program, visit the OVAL Adoption Program section.

Back to top
August 28, 2013

OVAL Board Meeting Minutes Now Available

Meeting minutes for the OVAL Board teleconference meeting held on Monday, July 8, 2013 have been posted in the Community section.

Back to top
August 13, 2013

Beyond Security Makes Declaration to Adopt OVAL

Beyond Security Ltd. declared that its vulnerability and configuration assessment and management tool, AVDS, incorporates OVAL.

For additional information about this and other products using OVAL, visit the OVAL Adoption Program section.

MITRE Hosts OVAL Booth at Black Hat Briefings 2013

MITRE hosted a "Strengthening Cyber Defense" booth that included OVAL at Black Hat Briefings 2013 at Caesar’s Palace in Las Vegas, Nevada, USA, on July 27 – August 1, 2013.

Visit the OVAL Calendar for information on this and other events.

Back to top
July 31, 2013

OVAL Briefing Slides from Developer Days 2013 Now Available

MITRE Corporation hosted Developer Days 2013 on July 22-24, 2013 at MITRE in McLean, Virginia, USA. The three-day event, which focused primarily on the OVAL effort, remediation, and continuous monitoring and risk scoring (CMRS), was a success and we thank all who participated.

15 briefing presentations from the OVAL-focused sessions are now available for download on the Developer Days page on the OVAL Web site.

Back to top
July 19, 2013

Final Agenda, OVAL Session Read-Ahead Materials, and Audio/Web Participation Details Now Available for MITRE’s Developer Days 2013 on July 22-24

The final event agenda for MITRE’s free Developer Days 2013 conference scheduled for July 22-24, 2013 at MITRE in McLean, Virginia, USA is now available at https://oval.mitre.org/community/docs/Developer_Days_2013_Agenda.pdf.

OVAL session read-ahead material is also available at https://oval.mitre.org/community/docs/Developer_Days_2013_Read-Ahead_Material.pdf.

Event attendees should contact oval@mitre.org for Audio/Web Conference participation details.

For lodging and other event details visit the event registration page.

Back to top
July 12, 2013

Registration Now Closed for MITRE’s Developer Days 2013 on July 22-24

Registration is now closed for MITRE’s free Developer Days 2013 event scheduled for July 22-24, 2013 at MITRE in McLean, Virginia, USA. For the event agenda, lodging, and other event details please visit the event details page.

OVAL Board Holds Teleconference Meeting

The OVAL Board held a teleconference meeting on July 8, 2013. Discussion topics included status updates on the OVAL Language, OVAL Repository, and OVAL Interpreter; the upcoming Developer Days 2013 event; and the Board voting processes. Meeting minutes will be posted when available.

Back to top
July 2, 2013

OVAL Repository Announces Top Contributors Awards for Q2-2013

ALTX-SOFT, G2, Inc., and SecPod Technologies received the "OVAL Repository Top Contributors Awards" for Q2-2013. The awards serve as public recognition of an organization’s support of the OVAL Repository and as an incentive to others to contribute.

Refer to the OVAL Repository Top Contributors Awards Program page for more information and a list of past recipients.

MITRE Hosting OVAL Booth at Back Hat Briefings 2013, July 27 - August 1

MITRE will host a "Strengthening Cyber Defense" booth that includes OVAL at Black Hat Briefings 2013 at Caesar’s Palace in Las Vegas, Nevada, USA, on July 27 - August 1, 2013. Attendees will learn how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Members of the OVAL Team will be in attendance. Please stop by Booth 242 and say hello!

Visit the OVAL Calendar for information on this and other events.

Back to top
June 26, 2013

Agenda Now Available for MITRE’s Developer Days 2013 on July 22-24

The agenda for MITRE’s free Developer Days 2013 event scheduled for July 22-24, 2013 at MITRE in McLean, Virginia, USA is now available at https://register.mitre.org/devdays/agenda.pdf.

For registration, lodging, and other event details visit the event registration page. Please note that registration will close on July 5.

Back to top
June 21, 2013

OVAL Repository Surpasses 15,000+ Definitions Milestone

The OVAL Repository surpassed the 15,000 OVAL Definitions milestone on June 21, 2013 with a new grand total of 15,105 definitions now available to the public on the OVAL Web site for a wide variety of platforms including Windows, Red Hat, Solaris, SUSE, Cisco IOS, and Mac OS.

This milestone was a direct result of significant participation by the OVAL Community. Numerous organizations have contributed OVAL Definitions to the OVAL Repository including SecPod Technologies, Maitreya Security, SCAP.com, LLC, Depository Trust & Clearing Corporation (DTCC), MITRE Corporation, ThreatGuard, Inc., Hewlett-Packard, G-2, Inc., Symantec, Inc., Secure Elements, Inc., Bastille Linux, Gideon Technologies, Inc., National Institute of Standards and Technology (NIST), GFI Software Ltd., Opsware, Inc., McAfee, Inc., and OS2A, while others have made modifications to existing definitions including G-2, MITRE, Symantec, SecPod Technologies, Telos Corporation, ALTX-SOFT, ThreatGuard, DTCC, Opsware, Centennial Software, Maitreya Security, Gideon Technologies, Secure Elements, Hewlett-Packard, NIST, Bastille Linux, BigFix, Inc., Security-Database, and GFI Software.

We thank all of these organizations for their contributions.

NopSec, Inc. Posts OVAL Adoption Questionnaire to Become Official OVAL Adopter

OVAL Adopter NopSec, Inc. achieved the second phase of the OVAL Adoption Process by submitting an OVAL Adoption Questionnaire for NopSec Unified Vulnerability Risk Management (VRM).

In Phase 2 of the adoption process the organization’s completed adoption requirements evaluation questionnaire, which includes detailed technical information of how the organization has incorporated OVAL into its product or service per the current best-practice usages of OVAL as described in the "OVAL Technical Use Cases Guide," is posted on the OVAL Web site and the product is now eligible to use the Official OVAL Adopter product/service logo.

A total of 24 products to-date have been recognized as Official OVAL Adopters.

For additional information and to review the complete list of all products and services participating in the adoption program, visit the OVAL Adoption Program section.

Back to top
June 7, 2013

Registration Now Open for MITRE’s Developer Days 2013 on July 22-24

MITRE Corporation will host the fifth Developer Days event on July 22-24, 2013, at MITRE in McLean, Virginia, USA. This three-day event is technical in nature and focuses on the Open Vulnerability and Assessment Language (OVAL®) effort, remediation, and other security automation topics.

The purpose of the event is for the community to discuss OVAL and other security automation efforts and specifications in technical detail and to derive solutions that benefit all concerned parties.

MITRE first hosted Developer Days in 2005 and has been running them annually ever since. The model for these technical exchanges has since been adopted as the format used by the security automation community.

An agenda will be available soon. For registration, lodging, and other event details, please visit: https://register.mitre.org/devdays/.

GCP Global Posts OVAL Adoption Questionnaire to Become Official OVAL Adopter

OVAL Adopter GCP Global achieved the second phase of the OVAL Adoption Process by submitting an OVAL Adoption Questionnaire for ORCA.

In Phase 2 of the adoption process the organization’s completed adoption requirements evaluation questionnaire, which includes detailed technical information of how the organization has incorporated OVAL into its product or service per the current best-practice usages of OVAL as described in the "OVAL Technical Use Cases Guide," is posted on the OVAL Web site and the product is now eligible to use the Official OVAL Adopter product/service logo.

A total of 23 products to-date have been recognized as Official OVAL Adopters.

For additional information and to review the complete list of all products and services participating in the adoption program, visit the OVAL Adoption Program section.

Back to top
May 8, 2013

Information-technology Promotion Agency, Japan (IPA) Posts OVAL Adoption Questionnaire to Become Official OVAL Adopter

OVAL Adopter Information-technology Promotion Agency, Japan (IPA) achieved the second phase of the OVAL Adoption Process by submitting an OVAL Adoption Questionnaire for My JVN API.

In Phase 2 of the adoption process the organization’s completed adoption requirements evaluation questionnaire, which includes detailed technical information of how the organization has incorporated OVAL into its product or service per the current best-practice usages of OVAL as described in the "OVAL Technical Use Cases Guide," is posted on the OVAL Web site and the product is now eligible to use the Official OVAL Adopter product/service logo.

A total of 22 products to-date have been recognized as Official OVAL Adopters.

For additional information and to review the complete list of all products and services participating in the adoption program, visit the OVAL Adoption Program section.

MITRE Hosts Community Call about "OVAL for Android"

MITRE hosted an "OVAL for Android" teleconference meeting on May 6, 2013 for the OVAL Community. Discussion topics included the current status of the OVAL for Android schemas (i.e., Experimental Android Definitions Schema and Experimental Android System Characteristics Schema), use cases by examining sample content (i.e., Sample Content and Proof-of-Concept System-Characteristics Producer Android Application), and what commercial vendors may want to integrate. Meeting minutes will be posted when available.

OVAL Board Meeting Minutes Now Available

Meeting minutes for the OVAL Board teleconference meeting held on Monday, April 29, 2013, which was a follow-up to the OVAL Board Meeting held on April 8, 2013, have been posted in the Community section.

Back to top
April 26, 2013

MITRE Hosting "OVAL for Android" Community Call on May 6

Since last year’s Developer Days event, the OVAL Team has been actively working to expand upon the Android schemas in the OVAL Language Sandbox as well as to develop a proof-of-concept Android application that produces the system-characteristics for an Android device. As a result, we would like to have a community conference call to provide an overview of our progress on the schemas, discuss a couple of use cases, discuss how the schemas might be used by commercial vendors, and most importantly get feedback from the community.

As noted below the conference call will be held on Monday, May 6, 2013 from 11:00 AM to 12:00 PM EST. Please reply to oval@mitre.org if you plan to attend. In order to ensure that we will have a successful call, we need to confirm attendance from a reasonable number of community members.

As always, if you have any questions or suggestions for topics of discussion related to the OVAL and Android work, please let us know and we will incorporate them into the call.

CALL DETAILS

Date/Time:
May 06, 2013 at 11:00 AM to 12:00 PM America/New_York (EST)

Meeting ID:
780313

Password:
68252255

Dialing Instructions:
781-271-6338 (x16338) from the Bedford, MA region
703-983-6338 (x36338) from the Washington DC region, Nationally, or Internationally

Joining the Web Conference:

  1. Go to: http://audioconference.mitre.org
  2. Enter 780313 into the empty field and click Attend Meeting.

    Accept any security warnings you receive and wait for the Meeting Room to initialize.

  3. If MeetingPlace Collaboration Window does not automatically open, press connect.

AGENDA

  • Current status of the OVAL for Android work
  • Use cases by examining sample content
  • What commercial vendors may want to integrate
  • Any potential issues or challenges

DISCUSSION PREPARATION MATERIALS

For context on previous discussions and lower-level details about the changes to the schemas, we recommend reviewing last year’s Developer Days minutes as well as the corresponding oval-developer-list posts (see links below under RESOURCES).

Most importantly for the call, we recommend reviewing the current schemas and sample content in the OVAL Language Sandbox and considering the following questions:

Commercial Vendors:

  • Do the schemas address the needs of your customers assessing Android devices?
  • Are there ambiguities or questions regarding the implementation of the capabilities in the schemas?

Content Authors:

  • Are the schemas designed and documented in such a way that they are easy to understand and use?
  • Is there anything that is unclear?

End Users:

  • Do the schemas address your needs for assessing Android devices?

Given that mobile devices are a new area for OVAL, it is very important that we hear your feedback to ensure that we arrive at a solution that is usable by the community.

RESOURCES

For your convenience, a calendar invite for the community call is available here:
To add this event to your Outlook calendar, click here.

Questions or concerns about this community conference call are welcome at oval@mitre.org.

OVAL a Main Topic of Cisco Webinar about Security Automation

OVAL Board member Cisco Systems, Inc. hosted a webinar on April 23, 2013 entitled "Security Automation Live" that included OVAL as a main discussion topic. The webinar description stated that attendees would learn about "security automation; Cisco’s machine readable content strategy; and vulnerability assessment using OVAL. Discuss how customers can use OVAL to quickly assess the effects of security vulnerabilities in Cisco IOS Software devices. Learn step-by-step instructions about how to use OVAL content with available open source tools and ask questions about these emerging technologies and standards."

The webinar sign-up page also advocated the benefits of security automation by stating: "Cisco is helping customers by adopting cutting-edge security automation standards such as the Open Vulnerability and Assessment Language (OVAL) and the Common Vulnerability Reporting Framework (CVRF)."

OVAL Board Meeting Minutes Now Available

Meeting minutes for the OVAL Board teleconference meeting held on Monday, April 8, 2013 have been posted in the Community section.

Back to top
April 17, 2013

OVAL Interpreter Updated to Version 5.10.1.5

The OVAL Interpreter and its source code have been updated to Version 5.10.1.5. Specific updates to the OVAL Interpreter included adding support for the ipv6_address datatype, improving how the linux-def:rpminfo_item’s signature_keyid entity is collected, modifying the collection format for the win-def:file_item’s language entity to now be specified by the OS, and fixing some issues reported by the OVAL Community.

A detailed list of updates and fixes is available in the download bundle. See the OVAL Interpreter Page on SourceForge for the latest information.

OVAL Board Holds Teleconference Meeting

The OVAL Board held a teleconference meeting on April 8, 2013. Discussion topics included status updates on the OVAL Language, OVAL Repository, and OVAL Interpreter; a status update for the upcoming minor release OVAL Version 5.11; an OVAL IETF overview; follow-up on the face-to-face OVAL Board Meeting held at RSA 2013; and a review of Board roles/responsibilities and membership processes. Meeting minutes will be posted when available.

New OVAL Board Member

Pat Fetty of Microsoft Corporation has joined the OVAL Board. He replaces Michael Tan, who has left the Board.

MITRE Hosts OVAL Booth at InfoSec World 2013

MITRE hosted a "Strengthening Cyber Defense" booth that included OVAL at InfoSec World Conference & Expo 2013 at Walt Disney World Swan and Dolphin in Orlando, Florida, USA, on April 15-17, 2013. Attendees learned how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Visit the OVAL Calendar for information on this and other events.

OVAL Mentioned in "Automating Security Compliance & Operations to Protect Critical Infrastructure" Webinar

MITRE Senior Information Assurance Engineer Luis Nunez was a guest speaker on the topic of Industry Collaboration in a webinar entitled "Automating Security Compliance & Operations to Protect Critical Infrastructure" on April 9, 2013. Senior Director of Systems Engineering, Federal, at Juniper Networks Tim LeMaster was also a speaker, and Bob Ackerman, SIGNAL Magazine Editor-in-Chief was the moderator. The event was sponsored by Juniper Networks.

Discussion topics for the webinar included: why automation is essential to protect critical network and computing infrastructures, cost-effective strategies for improved secure information-sharing, how to start simplifying network operations, and how network automation and orchestration are essential for seamless workflow management. Open Vulnerability and Assessment Language (OVAL®) and Common Vulnerabilities and Exposures (CVE®) were also mentioned.

Back to top
April 4, 2013

OVAL Repository Announces Top Contributors Awards for Q1-2013

ALTX-SOFT, G2, Inc., and SecPod Technologies received the "OVAL Repository Top Contributors Awards" for Q1-2013. The awards serve as public recognition of an organization’s support of the OVAL Repository and as an incentive to others to contribute.

Refer to the OVAL Repository Top Contributors Awards Program page for more information and a list of past recipients.

"Automating Security Compliance & Operations to Protect Critical Infrastructure" Webinar, April 9

MITRE Senior Information Assurance Engineer Luis Nunez will be a guest speaker on the topic of Industry Collaboration in a webinar entitled "Automating Security Compliance & Operations to Protect Critical Infrastructure" on April 9, 2013 from 1:00 pm - 2:00 pm, Eastern Daylight Time. Senior Director of Systems Engineering, Federal, at Juniper Networks Tim LeMaster will also be a speaker, and Bob Ackerman, SIGNAL Magazine Editor-in-Chief will be the moderator. The event is sponsored by Juniper Networks.

Discussion topics for the webinar will include: why automation is essential to protect critical network and computing infrastructures, cost-effective strategies for improved secure information-sharing, how to start simplifying network operations, and how network automation and orchestration are essential for seamless workflow management.

For more information and to register visit http://www.afcea.org/signal/webinar.

Photos from OVAL Booth at RSA 2013

MITRE hosted a "Strengthening Cyber Defense" booth that included OVAL at RSA Conference 2013 at the Moscone Center in San Francisco, California, USA, on February 25 – March 1, 2013.

Strengthening Cyber Defense booth photos:

Photo from RSA 2013 Photo from RSA 2013 Photo from RSA 2013 Photo from RSA 2013 Photo from RSA 2013 Photo from RSA 2013 Photo from RSA 2013 Photo from RSA 2013 Photo from RSA 2013 Photo from RSA 2013 Photo from RSA 2013 Photo from RSA 2013

Visit the OVAL Calendar for information on this and other events.

Back to top
March 8, 2013

MITRE to Host OVAL Booth at InfoSec World 2013, April 15-17

MITRE will host a "Strengthening Cyber Defense" booth that includes OVAL at InfoSec World Conference & Expo 2013 at Walt Disney World Swan and Dolphin in Orlando, Florida, USA, on April 15-17, 2013. Attendees will learn how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Members of the OVAL Team will be in attendance. Please stop by Booth 313 and say hello!

Visit the OVAL Calendar for information on this and other events.

MITRE Hosts OVAL Booth at RSA 2013

MITRE hosted a "Strengthening Cyber Defense" booth that included OVAL at RSA Conference 2013 at the Moscone Center in San Francisco, California, USA, on February 25 – March 1, 2013.

Visit the OVAL Calendar for information on this and other events.

OVAL Board Holds Meeting at RSA 2013

The OVAL Board held an informal face-to-face meeting on February 26, 2013 at RSA Conference 2013 in San Francisco, California, USA to discuss a potential transfer of the OVAL Language to a formal standards body. Read the meeting minutes.

Back to top
February 20, 2013

Draft of OVAL Version 5.11 Now Available

A Draft of Version 5.11 of the OVAL Language is now available on the OVAL Web site. Version 5.11 is scheduled to be moved to the Official stage in September 2013.

Version 5.11 is a minor version change that adds support for notes in variables; deprecates the digest_check_passed and signature_check_passed entities in the linux-def:rpmverifypackage_test; adds support for the collection of hive values in the win-def:registry_test; and includes several documentation improvements in the OVAL Language schemas and specifications.

Future draft releases of Version 5.11 will include additional changes and updates.

Additional information about Version 5.11 is available on the Version 5.11 Upcoming Version page.

OVALProject Language Repository Now Available on GitHub.com

The OVALProject Language Repository is now available on Github.com. The OVALProject Language Repository on GitHub will serve as the central location for OVAL Community members to make open-source contributions and manage issue tracking for the OVAL schemas and other supporting information and items.

The OVALProject Repositories on GitHub also include OVAL Language Sandbox, which provides a collaborative environment for the community to propose, experiment with, and fully investigate and implement new capabilities before including them in an official release to ensure that only mature and implementable constructs are added to the OVAL Language.

Please send any comments, requests, or suggestions about the OVALProject on GitHub to oval@mitre.org.

Institute for Information Industry — CyberTrust Technology Institute Posts OVAL Adoption Questionnaire to Become Official OVAL Adopter

OVAL Adopter Institute for Information Industry — CyberTrust Technology Institute achieved the second phase of the OVAL Adoption Process by submitting an OVAL Adoption Questionnaire for Crystal Security Keeper (CSK).

In Phase 2 of the adoption process the organization’s completed adoption requirements evaluation questionnaire, which includes detailed technical information of how the organization has incorporated OVAL into its product or service per the current best-practice usages of OVAL as described in the "OVAL Technical Use Cases Guide," is posted on the OVAL Web site and the product is now eligible to use the Official OVAL Adopter product/service logo.

A total of 21 products to-date have been recognized as Official OVAL Adopters.

For additional information and to review the complete list of all products and services participating in the adoption program, visit the OVAL Adoption Program section.

ATM Software sp. z o.o. Makes Declaration to Adopt OVAL

ATM Software sp. z o.o. declared that its server/software lifecycle management with OVAL repository and vulnerability assessment, ATM Information Security Workflow, will incorporate OVAL.

For additional information about this and other products using OVAL, visit the OVAL Adoption Program section.

Updated OVAL Introductory Flyer Now Available

The updated OVAL Introductory Flyer, which is a brief two-page introduction to the OVAL effort, is now available on the Documents page.

Back to top
February 7, 2013

MITRE to Host OVAL Booth at RSA 2013, February 25 – March 1

MITRE is scheduled to host a "Strengthening Cyber Defense" booth that includes OVAL at RSA Conference 2013 at the Moscone Center in San Francisco, California, USA, on February 25 – March 1, 2013. Attendees will learn how OVAL and other information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Members of the OVAL Team will be in attendance. Please stop by Booth 2617 and say hello!

Visit the OVAL Calendar for information on this and other events.

"Related Efforts" Page Added to OVAL Web Site

A Related Efforts page has been added to the Community section of the OVAL Web site. The new page notes other cyber security structuring and standardization efforts that have direct relationships to OVAL.

Back to top
January 25, 2013

OVAL Board Holds Teleconference Meeting

The OVAL Board held a teleconference meeting on January 14, 2013. Discussion topics included status updates on the OVAL Language, OVAL Repository, and OVAL Interpreter; release planning for upcoming minor release OVAL Version 5.11; results from the OVALDI Usage Survey; and Solaris 11 patching needs. Read the meeting minutes.

New OVAL Board Member

William Munyan of Center for Internet Security has joined the OVAL Board.

Back to top
January 11, 2013

OVAL Interpreter Updated to Version 5.10.1.4

The OVAL Interpreter and its source code have been updated to Version 5.10.1.4. Specific updates to the OVAL Interpreter included adding support for the scheduling_class entity in the unix-def:process_test and unix-def:process58_test, and fixing some issues reported by the OVAL Community.

A detailed list of updates and fixes is available in the download bundle. See the OVAL Interpreter Page on SourceForge for the latest information.

New OVAL Board Member

Steven Piliero of Unified Compliance has joined the OVAL Board. He previously represented Center for Internet Security.

Back to top
January 4, 2013

MITRE Announces Initial "Making Security Measurable" Calendar of Events for 2013

MITRE has announced its initial Making Security Measurable calendar of events for 2013. Details regarding MITRE’s scheduled participation at these events are noted on the OVAL Calendar page. Each listing includes the event name with URL, date of the event, location, and a description of our activity at the event.

Other events may be added throughout the year. Visit the OVAL Calendar for information or contact oval@mitre.org to have MITRE present a briefing or participate in a panel discussion about OVAL®, CVE®, CCE™, CPE™, CEE™, CWE™, CWSS™, CAPEC™, MAEC™, CybOX™, STIX™, TAXII™, and/or Making Security Measurable at your event.

OVAL Repository Announces Top Contributors Awards for Q4-2012

ALTX-SOFT, G2, Inc., and SecPod Technologies received the "OVAL Repository Top Contributors Awards" for Q4-2012. The awards serve as public recognition of an organization’s support of the OVAL Repository and as an incentive to others to contribute.

Refer to the OVAL Repository Top Contributors Awards Program page for more information and a list of past recipients.

Back to top

Page Last Updated: February 25, 2014