Novell Home

Oval

From Developer Community

Project Administration | Files | CVS | Subversion

This project is an implementation of the OVAL language for all Novell products. Through this project definition files associated with the suse-security-announce mailinglist will be authored to provide end-user analysis and verification of the current state of a machine installed with Novell software and products.

[edit]

brief summary

Open Vulnerability and Assessment Language (OVALâ„¢) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community. The language standardizes the three main steps of the assessment process: representing configuration information of systems for testing; analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.); and reporting the results of this assessment. The repositories are collections of publicly available and open content that utilize the language.

The OVAL community has developed three schemas written in Extensible Markup Language (XML) to serve as the framework and vocabulary of the OVAL Language. These schemas correspond to the three steps of the assessment process: an OVAL System Characteristics schema for representing system information, an OVAL Definition schema for expressing a specific machine state, and an OVAL Results schema for reporting the results of an assessment.

[edit]

highlighted benefits

[edit]

language

   * A simple and straight-forward approach for determining if a software vulnerability, configuration issue, program, or patch exists on a given system.
   * Standard Extensible Markup Language (XML) schemas that outline the necessary security-relevant configuration information.
   * A single XML document that encodes the precise details of specific issue.
   * An open source alternative to closed, proprietary, and replicated efforts.
   * Supported by a community of security experts, system administrators, and software developers
   * Industry-endorsed via the OVAL Board and OVAL Developers Forum.
[edit]

categories

   * OVAL System Characteristics schema for collecting configuration data from systems for testing.
   * OVAL Definition schema for testing the presence of a specific machine state (vulnerable, compliance, etc.).
   * OVAL Results schema for reporting the results from the evaluated systems.


[edit]

File Releases

Vulnerability Definition: SUSE-SA:2006:073 - Finished
Vulnerability Definition: SUSE-SA:2006:076 - Finished
Vulnerability Definition: SUSE-SA:2006:077 - Finished
Compliance Definition: openSUSE 10.2 Controlled Access Protection Profile Evaluation - 15%[synopsis in development]

CVS Subversion

[edit]

Documentation

Waiting for administrative authorization.

[edit]

bugzilla

Please log bugs in Bugzilla.

Bugs this week:


[edit]

members

Waiting for administrative authorization.

Retrieved from "http://developer.novell.com/wiki/index.php/Oval"

Novell® Making IT Work As One

© 2008 Novell, Inc. All Rights Reserved.