Developer Days

MITRE hosts OVAL Developer Days conferences each year at The MITRE Corporation in Bedford, Massachusetts. The purpose of the event is for the OVAL Community to discuss, in technical detail, the more difficult issues facing the current and future versions of OVAL and to derive solutions that benefit all concerned parties and continue the development of the OVAL Language.

Information about upcoming and/or past conferences is included below:

Security Automation Workshop 2014

The "Security Automation Workshop," hosted at the MITRE McLean site, will bring government and industry together in order to develop a consensus way forward for the endpoint posture assessment standards being developed in the Internet Engineering Task Force (IETF) Security Automation Continuous Monitoring (SACM) Working Group.

This three-day event is geared towards security automation tool vendors, end users, and other related stakeholders. The agenda includes sessions that illustrate operational gaps and issues, as well as challenges with the current security automation efforts. Documents associated with the IETF SACM group will be discussed as well as other related standards work. In addition to USG-led sessions, other select industry and end users will be asked to share their experiences and challenges with the group. The intent is to have open and productive discussions about how to collect, evaluate, and report standardized data that is needed to identify software vulnerabilities, detect software tampering, and defects in software configurations to support a number of operational and security processes.

As this event is designed to foster collaborative conversation between government and industry, the targeted audience is those key stakeholders within vendors, end user groups, and select government agencies that bring deep existing domain knowledge to the discussions. This is not intended to serve as an introduction for those that wish to learn about this landscape, and as such those that require introductory information are asked to pursue that in a different venue. Attendees for the event should be prepared to share their experiences and ideas for the future state of security automation and should be directly involved with the related topics.

Agenda and Read-Ahead Materials:

Registration and Event Details:

Minutes:

MITRE’s Developer Days 2013

MITRE Corporation hosted the fifth Developer Days event on July 22-24, 2013, at MITRE in McLean, Virginia, USA. This three-day event was technical in nature and focuses on the Open Vulnerability and Assessment Language (OVAL®) effort, remediation, and other security automation topics.

The purpose of the event is for the community to discuss OVAL and other security automation efforts and specifications in technical detail and to derive solutions that benefit all concerned parties. MITRE first hosted Developer Days in 2005 and has been running them annually ever since. The model for these technical exchanges has since been adopted as the format used by the security automation community.

Materials from the event include the following:

IT Security Automation Conference 2012

The 8th Annual IT Security Automation Conference was hosted by the National Institute of Standards and Technology, in conjunction with the Department of Homeland Security, National Security Agency, and Defense Information Systems Agency, on October 3-5, 2012. "Security automation leverages [the CVE®, CCE™, CPE™, OVAL®, OCIL™, XCCDF, ARF, CCSS, and CVSS community] standards and specifications to reduce the complexity and time necessary to manage vulnerabilities, measure security, and ensure compliance, freeing resources to focus on other areas of the IT infrastructure."

For additional information and downloads, visit: https://itsac.g2planet.com/itsac2012/.

MITRE’s Security Automation Developer Days 2012

MITRE Corporation hosted the fourth Security Automation Developer Days conference on July 9-13, 2012, at MITRE in Bedford, Massachusetts, USA. This five-day conference is technical in nature and focuses on the U.S. National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol (SCAP).

The purpose of the event is for the community to discuss SCAP — and the existing standards upon which it is based including Open Vulnerability and Assessment Language (OVAL®), Common Platform Enumeration (CPE™), Common Configuration Enumeration (CCE™), Extensible Configuration Checklist Description Format (XCCDF), and Open Checklist Interactive Language (OCIL) — in technical detail and to derive solutions that benefit all concerned parties. All current and emerging SCAP standards are addressed at this workshop. MITRE first hosted Developer Days in 2005 and has been running them annually ever since. The model for these technical exchanges has since been adopted as the format used by the Security Automation community.

Materials from the event include the following:

IT Security Automation Conference 2011

OVAL was a main topic at the 7th Annual IT Security Automation Conference hosted by the National Institute of Standards and Technology, in conjunction with the Department of Homeland Security, National Security Agency, and Defense Information Systems Agency, on October 31 - November 2, 2011. This three-day event focused on the breadth and depth of automation principles and technologies designed to support automation requirements across organizations in multiple sectors.

OVAL downloads:

OVAL Workshop Slides (PDF, 1,264 KB)

For additional information and downloads, visit: http://www.nist.gov/itl/csd/7th-annual-scap-conference.cfm.

MITRE’s Security Automation Developer Days 2011

MITRE Corporation hosted the third Security Automation Developer Days conference on June 14-17, 2011, at MITRE in Bedford, Massachusetts, USA. This four-day conference is technical in nature and focuses on the U.S. National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol (SCAP).

The purpose of the event is for the community to discuss SCAP — and the existing standards upon which it is based including Open Vulnerability and Assessment Language (OVAL®), Common Platform Enumeration (CPE™), Common Configuration Enumeration (CCE™), Extensible Configuration Checklist Description Format (XCCDF), and Open Checklist Interactive Language (OCIL) — in technical detail and to derive solutions that benefit all concerned parties. All current and emerging SCAP standards are addressed at this workshop. MITRE first hosted Developer Days in 2005 and has been running them annually ever since. The model for these technical exchanges has since been adopted as the format used by the Security Automation community.

Materials from the event include the following:

OVAL Status & Workshop Slides (ZIP, 4,247 KB)

OVAL Developer Days 2011 Minutes (PDF, 433 KB)

Security Automation Developer Days 2011 Agenda (PDF, 122 KB)

Security Automation Developer Days Spring 2011

The Security Automation Developer Days Spring 2011 conference was held March 22-25, 2011 at National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland, USA.

The purpose of this event was for the community to discuss key security automation-related initiatives including Open Vulnerability and Assessment Language (OVAL®), Common Platform Enumeration (CPE™), Extensible Configuration Checklist Description Format (XCCDF), Open Checklist Interactive Language (OCIL), and Remediation in detail to further the development of these initiatives and to derive solutions that benefit all concerned parties. The conference, hosted by NIST, is a collaborative effort of NIST and the MITRE Corporation.

OVAL downloads:

OVAL Status & Workshop Slides (ZIP, 3096 KB)

OVAL Spring 2011 Developer Days Minutes (PDF, 79 KB)

Back to top

IT Security Automation Conference 2010

OVAL was a main topic at the 6th Annual IT Security Automation Conference hosted by the National Institute of Standards and Technology, in conjunction with the Department of Homeland Security, National Security Agency, and Defense Information Systems Agency, on September 27-29, 2010. This three-day event focused on the breadth and depth of automation principles and technologies designed to support automation requirements across organizations in multiple sectors.

OVAL downloads:

OVAL Tutorial Slides (PDF, 1340 KB)

OVAL Status Update Slides (PDF, 988 KB)

OVAL Workshop Slides (PDF, 940 KB)

OVAL Workshop Minutes (PDF, 398 KB)

MITRE’s Security Automation Developer Days 2010

MITRE Corporation hosted the second Security Automation Developer Days conference at which OVAL was a main topic on June 14-16, 2010, at MITRE in Bedford, Massachusetts, USA. The purpose of the three-day conference is for the community to discuss all current and emerging Security Content Automation Protocol (SCAP) standards in technical detail and to derive solutions that benefit all concerned parties. A brief technical overview of software assurance efforts sponsored by the Department of Homeland Security was also provided on the third day of the conference.

OVAL downloads:

OVAL Developer Days 2010 Slides (PDF, 458 KB)

OVAL and the Trusted Platform Module (PDF, 658 KB)

OVAL Developer Days 2010 Minutes (PDF, 933 KB)

For all downloads and additional information visit http://msm.mitre.org/participation/devdays.html#2010.

Back to top

MITRE’s Security Automation Developer Days 2009

This year, the annual OVAL Developer Days conference was incorporated into the first-ever Security Automation Developer Days 2009 conference held June 8-12, 2009 at MITRE in Bedford, Massachusetts, USA. OVAL was a main topic of this event.

OVAL downloads:

OVAL Developer Days 2009 Slides (PDF, 257 KB)
OVAL Developer Days 2009 Minutes (PDF, 591 KB)

For all downloads and additional information visit http://msm.mitre.org/participation/devdays.html.

OVAL Developer Days Conference — 2008

OVAL hosted its third Developer Days conference on April 28-29, 2008 at MITRE Corporation in Bedford, Massachusetts, USA. Specific talks included What Goes Into a Major Version, Merging the <affected> Element into the Criteria Section for Version 6, Definitions as the Focal Point, Reusing Content Across External Repositories, Supporting Network Devices, Repository and Reference Implementation Transition, Status of Stand-Alone Objects, Choice Structure, Agility in the OVAL Language, Future of OVAL Compatibility, Regular Expression Syntax, OVAL’s XML Footprint, and What Is Needed in a Remediation Language.


Materials from the event include the following:

Developer Days 2008 Agenda (PDF, 224 KB)
Developer Days Briefing Slides (ZIP, 4 MB)
Developer Days 2008 Invitation (PDF, 93 KB)
Developer Days Minutes (PDF, 293 KB)

OVAL Developer Days Conference — 2006

OVAL hosted its second Developer Days conference July 11-12, 2006. Specific talks included A Look at Version 5, OVAL Repository Quality, XCCDF-P, OVAL Compatibility, and FISMA Turning Toward OVAL.

Materials from the event include the following:

Developer Days Meeting Agenda (PDF, 141 KB)
Developer Days Briefing Slides (ZIP, 591 KB)
Developer Days Minutes (PDF, 131 KB)
News & Photos (HTML)

OVAL Developer Days Conference — 2005

OVAL hosted its first-ever Developer Days conference July 18-19, 2005. Topics included OVAL Definitions, OVAL Schemas, OVAL Compatibility, OVAL Interpreter, and Web Services, among others.

Materials from the event include the following:

Developer Days Meeting Agenda (PDF, 117 KB)
Developer Days Briefing Slides (ZIP, 591 KB)
Developer Days Minutes (PDF, 119 KB)
News & Photos (HTML)

Back to top

Page Last Updated: November 07, 2014