Compatibility Questionnaire: Security-Database (Security System Analyzer Version 1.5) — Archive
Important: The OVAL Compatibility Program was moved to "archive" status in December 2009, and replaced with the "OVAL Adoption Program." Under the OVAL Adoption Program, product validation is performed by an external organization, allowing the OVAL Team to focus on educating vendors on best practices regarding the use and implementation of OVAL and on how OVAL can continue to evolve as needed by the community.
Refer to the OVAL Adoption Program section for additional information and to review all products and services listed.
Organizational Information
Name of Your Organization:
Web Site:
Product Information
Product/Service Name:
Compatible Categories:
OVAL Systems Characteristics Consumer
OVAL Definition Consumer
OVAL Results Producer
OVAL Results Consumer
Product/Service Home Page:
Product Accessibility
The license agreement for the free edition SSA 1.5 is planned with the next release.
Language Version Indication
The HTML report generated by SSA relies on the OVAL™ interpreter output. An advanced report is planned with the next release. It will include schema version, name/version of the product that created and more information about the system audited.
Approach for Correction of Errors
A special email (ssa@security-database.com) is created and monitored for users to supply us with bugs and errors.
A public bug reporter is planned (http://www.security-database.com/ssa/bugsreporting/).
Once a bug is discovered, reproduced and confirmed, a new release is announced.
The SSA page (http://www.security-database.com/ssa.php) keeps up-to-date with the latest versions and information about major and minor bugs.
Compatibility Documentation
The documentation is available for download as a PDF file from this location: http://www.security-database.com/ssa.php. It will be included and linked in a menu with the next coming release (1.5b).
The first chapter clearly defines the OVAL concept and recommends that users refer to FAQs and documentation available at http://oval.mitre.org.
We have planned to translate the documentation to French.
Language Support
Finding Elements Using OVAL
The SSA real time console displays the possible identified vulnerabilities and misconfigurations using the OVAL ID and its associated CVE reference.
Moreover, SSA digs into the OVAL xml files to grab information using an embedded xml reader. The HTML results file is based upon the OVAL™ interpreter.
We have planned to include an OVAL ID search database plug-in (read and display information from the OVAL xml files). The updater add-on already offers the ability to download them.
We have planned to produce a new results file based on OVAL ID with its associated CVE reference and more in-depth information about the system (users, patches, services, application inventory, protocols in use...).
OVAL Content Importation Process Explanation
SSA can consume OVAL content at runtime.
Statement of Compatibility
Have an authorized individual sign and date the following Compatibility Statement (required):
"As an authorized representative of my organization I agree that we will abide by all of the mandatory compatibility requirements as well as all of the additional mandatory compatibility requirements that are appropriate for our specific type of capability."
Name: Nabil Ouchn
Title: Lead developer, SSA project
Statement of Accuracy
Have an authorized individual sign and date the following accuracy Statement (recommended):
"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability's use of the OVAL Language and the interpretation of the logic."
Name: Nabil Ouchn
Title: Lead developer, SSA project
Statement on Follow-on Correctness Testing Support
Have an authorized individual sign and date the following statement about your organization's willingness to support correctness testing of other capabilities, which will be managed by the Reviewing Authority and kept to reasonable levels of effort for all involved (required):
"As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."
Name: Nabil Ouchn
Title: Lead developer, SSA project
Page Last Updated: December 17, 2009