Industry News Coverage - 2007 Archive

Below is a comprehensive monthly review of the news and other media's coverage of OVAL. A brief summary of each news item is listed with its title, author (if identified), date, and media source.

October 2007

Secure Elements Web Site, October 23, 2007

The OVAL Repository was the main topic of an October 23, 2007 news release from Secure Elements, Inc. entitled "Secure Elements Receives OVAL Repository Top Contributor Award For Advancing Open Information Security Content Standards for the 3rd Quarter of 2007."

In addition to a paragraph describing OVAL and the Repository, the release includes a quote by OVAL Program Lead Jon Baker describing the reason for the award: "The OVAL Repository Top Contributor Award is reserved for organizations that assist in making the OVAL Repository a gold standard for open information security content. Secure Elements is recognized again for their invaluable content submissions of new definitions and enhancements to existing Repository content."

The release also includes a quote by Secure Elements' Chief Technical Officer Andrew Bove, who states: "Secure Elements is proud to lead the growing OVAL community by contributing our information assurance expertise. This recognition reflects our commitment to support publicly available security content initiatives such as the OVAL Repository and for the NIST Information Security Automation Program (ISAP), where we are the custodians of the XML content for auditing the Federal Desktop Core Configuration (FDCC) for Microsoft Vista and XP."

Secure Elements, Inc. is a member of the OVAL Board and its C5 Compliance Platform Version 3.0 is listed on the OVAL Web site as "Officially OVAL-Compatible."

Processor Magazine, October 5, 2007

OVAL was mentioned in the "Product Releases" article in Processor Magazine on October 5, 2007. OVAL is mentioned in the "Security" section of the article regarding Secure Elements' C5 Compliance Platform 3.3, which "...is the first product to work with NIST SCAP content to help federal government agencies meet the OMB Mandate. It also helps with compliance with NIST ISAP/SCAP initiative for auditing security configurations using OVAL, XCCDF, CPE, CVSS, CCE, and CVE."

September 2007

NetworkWorld, September 25, 2007

OVAL was mentioned in an article entitled "Service-oriented security" in NetworkWorld on September 25, 2007. OVAL is mentioned when the author discusses Security Content Automation Protocol (SCAP). The author states: "The basic premise is that the only way we'll ever get a handle on the operational challenges of security management is to automate as many of the processes as possible. SCAP pulls information from a number of standardized information sources, including (warning: acronym soup ahead): the eXtensible Configuration Checklist Description Format (XCCDF), the Open Vulnerability Assessment Language (OVAL), Common Vulnerability Scoring System, (CVSS) and Common Vulnerabilities and Exposures (CVE) database." The article was written by Andreas M. Antonopoulos.

Secure Elements Web Site, September 18, 2007

OVAL was mentioned in a September 18, 2007 news release from Secure Elements, Inc. entitled "Secure Elements Announces New Version of IT Audit and Compliance Platform." OVAL is mentioned in the portion of the release that describes how Secure Elements' C5 Compliance Platform Version 3.3 adds enhanced NIST SCAP FISMA reporting: "For federal government agencies, C5 is the first enterprise solution that works directly with the NIST SCAP content to help them meet the OMB Mandate for secure desktop configurations as well as incorporating all of the latest standards as defined by the NIST ISAP/SCAP initiative for auditing security configurations utilizing OVAL, XCCDF, CPE, CVSS, CCE and CVE."

Secure Elements, Inc. is a member of the OVAL Board and its C5 Compliance Platform Version 3.0 is listed on the OVAL Web site as "Officially OVAL-Compatible."

August 2007

SC Magazine, August 20, 2007

OVAL was the main topic of an August 20, 2007 article entitled "Hot or not: Open Vulnerability Assessment Language" in SC Magazine. The author states: "The open standard OVAL promises to ease the integration of security applications and help organizations develop security checks for highly-customized networks and applications."

In the article the author explains what OVAL is, how it works, and the benefits of adopting OVAL: "The benefits of OVAL are many. For instance, security administrators can develop their own custom security checks, or they can use any of the more than 2,000 OVAL definitions. And security products from different vendors can share information and be integrated more easily through the use of OVAL. By choosing OVAL compatible solutions, organizations can deploy best-of-breed products for vulnerability assessments and policy assessments, and even link results to SIMs and other tools for advanced correlation to better identify where the highest risks lie."

The author concludes the article by describing OVAL's involvement in the U.S. National Institute of Standards and Technology's (NIST) Security Content Automation Protocol (SCAP), and states: "As these standards continue to evolve and grow, they'll improve security product integration even further, and give security teams the control necessary to develop the tools they need to keep their infrastructures secure, no matter how customized their networks and applications."

The article was written by Amol Sarwate, Director of Vulnerability Research Labs at OVAL Board member Qualys, Inc.

May 2007

Government Computer News, May 22, 2007

OVAL was mentioned in a May 22, 2007 article entitled "NIST releases FISMA security control tools" in Government Computer News. The main topic of the article is the U.S. National Institute of Standards and Technology's (NIST) Security Content Automation Protocol (SCAP), which according to the article is an "automated checklist that uses a collection of recognized standards for naming software flaws and configuration problems in specific products. It can help test for the presence of vulnerabilities and rank them according to severity of impact. The checklist files are mapped to NIST specifications for compliance with the Federal Information Security Management Act, so that the output can be used to document FISMA compliance."

OVAL is mentioned when the author states that "SCAP currently uses six open standards for enumerating, evaluating and measuring the impact of software problems and reporting the results," and includes OVAL as follows: "Open Vulnerability and Assessment Language, OVAL, from MITRE; a standard XML for security testing procedures and reporting." The other five standards are: Common Vulnerabilities and Exposures (CVE), a dictionary of standard identifiers for security vulnerabilities related to software flaws; Common Configuration Enumeration (CCE), standard identifiers and a dictionary for system security configuration issues; Common Platform Enumeration (CPE), standard identifiers and a dictionary for platform and product naming; Extensible Configuration Checklist Description Format (XCCDF), a standard for specifying checklists and reporting results; and Common Vulnerability Scoring System (CVSS), a standard for conveying and scoring the impact of vulnerabilities.

SCAP is an expansion of the U.S. National Vulnerability Database (NVD) that is based upon the CVE List, and NVD, CVE, and OVAL are all sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. The article was written by William Jackson.

March 2007

Network Computing, March 19, 2007

OVAL was included as a product feature in a March 19, 2006 product review article entitled "Rollout: Kace KBox 1000/2000 Series Appliances" in Network Computing. OVAL is mentioned as follows: "Add-ons to the 1000 series include a full asset-management package that tracks hardware and software configurations and licenses, a helpdesk package, and a vulnerability scan and audit component. The vulnerability scan is based on OVAL (Open Vulnerability and Assessment Language), a security standard used by the U.S. Computer Emergency Readiness Team and the Department of Homeland Security. OVAL results on our test machines pointed out some egregious vulnerabilities, particularly on the machines we had not added to the patch group."

KACE Networks, Inc.'s KBOX 1000 Series Systems Management Appliances is Officially OVAL-Compatible and is listed in the OVAL-Compatible Products and Services section. The article was written by Steven Schuchart Jr.

February 2007

Secure-Elements.com, February 6, 2007

OVAL was included in a February 6, 2006 news release from Secure-Elements, Inc. entitled "Secure Elements announces first ever training program for authoring standards based XML documents for system audit and compliance measurement". OVAL is mentioned in the first sentence of the release: "Secure Elements, Inc., today announced at the RSA 2007 Conference that they will begin offering hands-on training courses regarding authoring and use of the Open Vulnerability Assessment Language (OVAL) and the eXtensible Configuration Checklist Description Format (XCCDF) for individuals and organizations interested in authoring documents for IS Audit evaluations and vulnerability assessments. As the world's first enterprise software vendor to support these standards, and seasoned authors of their own content that are active contributors to the NIST Security Content Automation Program (SCAP), they will provide unique insights, tips, strategies, and lessons learned that are not available elsewhere."

OVAL is mentioned again in a quote by Secure Elements CTO Andrew Bove, who states: "XML, OVAL, and XCCDF represent a complex semantic landscape and even though they are mapped very well, some organizations prefer or need a guide to help them navigate. For organizations that desire to "jump start" their efforts, or for which the required skill sets may not be their core competency, we're here to help."

Secure Elements, Inc. is a member of the OVAL Board and its C5 EVM product is listed in the OVAL-Compatible Products and Services section.

SC Magazine, February 6, 2007

OVAL was cited in the description of SC Magazine's "Editor's Choice Professional Award" to the NSA's Information Assurance Directorate's Vulnerability Analysis and Operations (VAO) Group for its work in the past year with the U.S. Air Force and Microsoft Corporation to "examine and provide security-setting recommendations for Microsoft's new Vista operating system" and to promote the use of standards. OVAL was mentioned as follows: "The VAO Group is also shaping the development of security standards for vulnerability naming and identification, such as the Open Vulnerability and Assessment Language (OVAL), Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) standards." The "2007 SC Magazine Awards" were presented on February 6, 2007 at the Hilton San Francisco in San Francisco, California, USA.

Secure-Elements.com, February 5, 2007

OVAL was included in a February 5, 2006 news release from Secure-Elements, Inc. entitled "Secure Elements Launches the C5 Compliance Platform at RSA Conference 2007". OVAL is mentioned when the release states that conference attendees will be able to see demonstrations of the product at the Secure Elements booth and "as part of the RSA Expo OVAL (Open Vulnerability Assessment Language) Interoperability Demonstration that was held by MITRE across the show floor."

Secure Elements, Inc. is a member of the OVAL Board and its C5 EVM product is listed in the OVAL-Compatible Products and Services section.


Page Last Updated: January 02, 2008