News and Events (Archive) - 2014 Archive
Subscribe to the OVAL News feed to get notifications of our latest headlines.
OVAL Board Holds Teleconference Meeting
The OVAL Board held a teleconference meeting on October 20, 2014. Discussion topics included status updates on the OVAL Language, OVAL Repository, and OVAL Interpreter; OVAL Repository transition details; the Security Automation and Continuous Monitoring (SACM) information model; and a separate versioning policy in OVAL follow-up. Read the meeting minutes.
Meeting Minutes from Security Automation Workshop Now Available
Meeting minutes from the Security Automation Workshop held on August 26-28, 2014 at MITRE Corporation in McLean, Virginia, USA are now available on the OVAL Web site.
OVAL Repository Announces Top Contributors Awards for Q3-2014
ALTX-SOFT, Hewlett-Packard Development Company, L.P., and SecPod Technologies received the "OVAL Repository Top Contributors Awards" for Q3-2014. The awards serve as public recognition of an organization's support of the OVAL Repository and as an incentive to others to contribute.
Refer to the OVAL Repository Top Contributors Awards Program page for more information and a list of past recipients.
Security Automation Workshop 2014
Security Automation Workshop 2014, hosted at MITRE Corporation in McLean, Virginia, USA on August 26-28, 2014, will bring government and industry together in order to develop a consensus way forward for the endpoint posture assessment standards being developed in the Internet Engineering Task Force (IETF) Security Automation Continuous Monitoring (SACM) Working Group.
This three-day event is geared towards security automation tool vendors, end users, and other related stakeholders. The agenda includes sessions that illustrate operational gaps and issues, as well as challenges with the current security automation efforts. Documents associated with the IETF SACM group will be discussed as well as other related standards work. In addition to U.S. Government-led sessions, other select industry and end users will be asked to share their experiences and challenges with the group. The intent is to have open and productive discussions about how to collect, evaluate, and report standardized data that is needed to identify software vulnerabilities, detect software tampering, and defects in software configurations to support a number of operational and security processes.
As this event is designed to foster collaborative conversation between government and industry, the targeted audience is those key stakeholders within vendors, end user groups, and select government agencies that bring deep existing domain knowledge to the discussions. This is not intended to serve as an introduction for those that wish to learn about this landscape, and as such those that require introductory information are asked to pursue that in a different venue. Attendees for the event should be prepared to share their experiences and ideas for the future state of security automation and should be directly involved with the related topics.
Visit the Security Automation Workshop 2014 page for an agenda, other event details, and registration information.
Two New OVAL Board Members for HP
Chandan M C and Evani Prasad of Hewlett-Packard Development Company, L.P. have joined the OVAL Board.
New OVAL Board Member for Tripwire
Adam Montville of Tripwire, Inc. has joined the OVAL Board.
OVAL Board Holds Teleconference Meeting
The OVAL Board held a teleconference meeting on July 14, 2014. Discussion topics included status updates on the OVAL Language, OVAL Repository, OVAL Interpreter, and OVAL Adoption Program, the Security Automation and Continuous Monitoring (SACM) information model, and an unofficial extensions in OVAL follow-up. Read the meeting minutes.
OVAL Repository Announces Top Contributors Awards for Q2-2014
ALTX-SOFT, Hewlett-Packard Development Company, L.P., and SecPod Technologies received the "OVAL Repository Top Contributors Awards" for Q2-2014. The awards serve as public recognition of an organization's support of the OVAL Repository and as an incentive to others to contribute.
Refer to the OVAL Repository Top Contributors Awards Program page for more information and a list of past recipients.
Tripwire Posts OVAL Adoption Questionnaire to Become Official OVAL Adopter
Tripwire, Inc. achieved the second phase of the OVAL Adoption Process by submitting an OVAL Adoption Questionnaire for Tripwire Enterprise.
In Phase 2 of the adoption process the organization's completed adoption requirements evaluation questionnaire, which includes detailed technical information of how the organization has incorporated OVAL into its product or service per the current best-practice usages of OVAL as described in the "OVAL Technical Use Cases Guide," is posted on the OVAL Web site and the product is now eligible to use the Official OVAL Adopter product/service logo.
A total of 30 products to-date have been recognized as Official OVAL Adopters.
For additional information and to review the complete list of all products and services participating in the adoption program, visit the OVAL Adoption Program section.
New OVAL Board Member for Cisco
Panos Kampanakis of Cisco Systems, Inc. has joined the OVAL Board.
New OVAL Board Member for NIST
Melanie Cook of U.S. National Institute of Standards and Technology (NIST) has joined the OVAL Board. She replaces Stephen Quinn, who has left the Board.
New Net Technologies Makes Declaration to Adopt OVAL
New Net Technologies, Ltd. declared that its enterprise change and configuration management product, NNT Change Tracker Enterprise, incorporates OVAL. For additional information about this and other products using OVAL, visit the OVAL Adoption Program section.
OVAL Board Holds Teleconference Meeting
The OVAL Board held a teleconference meeting on April 28, 2014. Discussion topics included status updates on the OVAL Language, OVAL Repository, OVAL Interpreter, and OVAL Adoption Program, and unofficial extensions in OVAL. Read the meeting minutes.
OVAL Referenced in Article about Cyber Threat Information Sharing on FederalBluePrint.com
OVAL is referenced in a March 18, 2014 article entitled "How the Department of Defense and the Department of Homeland Security Are Taking Steps Toward Information Sharing" on FederalBluePrint.com.
The main topics of the article are Cyber Observable eXpression (CybOX™), Trusted Automated eXchange of Indicator Information (TAXII™), and Structured Threat Information Expression (STIX™) and the role each plays in standardizing the sharing of cyber threat information, notes that they are U.S. Department of Homeland Security (DHS)-led efforts, and that there are "many manufacturers and researchers" supporting these efforts. OVAL, Common Attack Pattern Enumeration and Classification (CAPEC™), and Malware Attribute Enumeration and Characterization (MAEC™) are also mentioned as related efforts.
The author concludes the article by stating: "We are well under way to defining and implementing a threat information sharing architecture that ultimately provides increased situational awareness. With the efforts be led by DHS with active support from MITRE and the Analyst and Researcher communities this approach is getting traction. Many hardware and software manufacturers are actively engaged in this effort as well. The end goal of this architecture is to allow us to describe all elements of an attack, from reconnaissance activity to post-breach activity. Being able to share this information across agencies will help us to better defend our Assets by collecting a wide-angle view of attacker activity."
OVAL Board Holds Teleconference Meeting
The OVAL Board held a teleconference meeting on April 14, 2014. The main focus of the meeting was a discussion with Kim Watson of the U.S. Department of Homeland Security (DHS) about the change in direction for MITRE's role in OVAL. DHS is the sponsor of OVAL. Read the meeting minutes.
SUSE Makes Declaration to Adopt OVAL
SUSE declared that its Linux patch and configuration management tool, SUSE Manager, incorporates OVAL. For additional information about this and other products using OVAL, visit the OVAL Adoption Program section.
OVAL Interpreter Updated to Version 5.10.1.7
The OVAL Interpreter and its source code have been updated to Version 5.10.1.7. Specific updates to the OVAL Interpreter included fixing the import of Directives and Definition evaluation-id files, adding support for 64-bit RPMs, and fixing some issues reported by the OVAL Community.
A detailed list of updates and fixes is available in the download bundle. See the OVAL Interpreter Page on SourceForge.net for the latest information.
OVAL Repository Announces Top Contributors Awards for Q1-2014
ALTX-SOFT, Hewlett-Packard Development Company, L.P., and SecPod Technologies received the "OVAL Repository Top Contributors Awards" for Q1-2014. The awards serve as public recognition of an organization's support of the OVAL Repository and as an incentive to others to contribute.
Refer to the OVAL Repository Top Contributors Awards Program page for more information and a list of past recipients.
OVAL Board Voting Archive Added to OVAL Website
An OVAL Board Voting Archive of decisions made by the OVAL Board for additions, refinements, and deprecations to the OVAL Language has been added to the OVAL Community section. The archive provides a high-level overview of the final voting results for each issue, along with a link to a detailed summary of the issue being voted upon, a record of the voting, and the final outcome of the vote.
Center for Internet Security Posts OVAL Adoption Questionnaire to Become Official OVAL Adopter
Center for Internet Security achieved the second phase of the OVAL Adoption Process by submitting an OVAL Adoption Questionnaire for Center for Internet Security Configuration Assessment Tool (CIS-CAT).
In Phase 2 of the adoption process the organization's completed adoption requirements evaluation questionnaire, which includes detailed technical information of how the organization has incorporated OVAL into its product or service per the current best-practice usages of OVAL as described in the "OVAL Technical Use Cases Guide," is posted on the OVAL Web site and the product is now eligible to use the Official OVAL Adopter product/service logo.
A total of 29 products to-date have been recognized as Official OVAL Adopters.
For additional information and to review the complete list of all products and services participating in the adoption program, visit the OVAL Adoption Program section.
SPAWAR Posts OVAL Adoption Questionnaire to Become Official OVAL Adopter
SPAWAR Systems Center Atlantic achieved the second phase of the OVAL Adoption Process by submitting an OVAL Adoption Questionnaire for SCAP Compliance Checker.
In Phase 2 of the adoption process the organization's completed adoption requirements evaluation questionnaire, which includes detailed technical information of how the organization has incorporated OVAL into its product or service per the current best-practice usages of OVAL as described in the "OVAL Technical Use Cases Guide," is posted on the OVAL Web site and the product is now eligible to use the Official OVAL Adopter product/service logo.
A total of 29 products to-date have been recognized as Official OVAL Adopters.
For additional information and to review the complete list of all products and services participating in the adoption program, visit the OVAL Adoption Program section.
Altex-Soft Posts OVAL Adoption Questionnaire to Become Official OVAL Adopter
Altex-Soft achieved the second phase of the OVAL Adoption Process by submitting an OVAL Adoption Questionnaire for RedCheck.
In Phase 2 of the adoption process the organization's completed adoption requirements evaluation questionnaire, which includes detailed technical information of how the organization has incorporated OVAL into its product or service per the current best-practice usages of OVAL as described in the "OVAL Technical Use Cases Guide," is posted on the OVAL Web site and the product is now eligible to use the Official OVAL Adopter product/service logo.
A total of 29 products to-date have been recognized as Official OVAL Adopters.
For additional information and to review the complete list of all products and services participating in the adoption program, visit the OVAL Adoption Program section.
Agiliance Makes Declaration to Adopt OVAL
Agiliance declared that its big data risk management software, Agiliance RiskVision, incorporates OVAL. For additional information about this and other products using OVAL, visit the OVAL Adoption Program section.
SUSE Makes Declaration to Adopt OVAL
SUSE declared that its SUSE Linux Enterprise OVAL Information database incorporates OVAL. For additional information about this and other products using OVAL, visit the OVAL Adoption Program section.
New OVAL Board Member for Assuria
Chris Wood of Assuria Limited has joined the OVAL Board. He replaces Nick Connor, who has left the Board.
Rosario Gangemi of IBM Corporation has joined the OVAL Board. She replaces Eric Walker, who has left the Board.
New OVAL Board Member for Qualys
Tigran Gevorgyan of Qualys, Inc. has joined the OVAL Board. He replaces Amol Sarwate, who has left the Board.
New OVAL Board Member for Red Hat
Kurt Seifried of Red Hat, Inc. has joined the OVAL Board. He replaces Mark Cox, who has left the Board.
OVAL Repository Surpasses 20,000+ Definitions Milestone
The OVAL Repository surpassed the 20,000 OVAL Definitions milestone on January 23, 2014 with a new grand total of 20,007 definitions now available to the public on the OVAL Web site for a wide variety of platforms including UNIX, Windows, Mac OS, IOS, and PIX IOS.
This milestone was a direct result of significant participation by the OVAL Community. Numerous organizations have contributed OVAL Definitions to the OVAL Repository including ALTX-SOFT, SecPod Technologies, Maitreya Security, SCAP.com, LLC, Hewlett-Packard, G-2, Inc., Depository Trust & Clearing Corporation (DTCC), MITRE Corporation, ThreatGuard, Inc., and Symantec, Inc., while others have made modifications to existing definitions including G-2, ALTX-SOFT, MITRE, SecPod Technologies, Symantec, Telos Corporation, ThreatGuard, DTCC, Opsware, Inc., and Centennial Software.
We thank all of these organizations for their contributions.
SecPod Technologies Posts OVAL Adoption Questionnaire to Become Official OVAL Adopter
SecPod Technologies achieved the second phase of the OVAL Adoption Process by submitting an OVAL Adoption Questionnaire for SecPod Saner.
In Phase 2 of the adoption process the organization's completed adoption requirements evaluation questionnaire, which includes detailed technical information of how the organization has incorporated OVAL into its product or service per the current best-practice usages of OVAL as described in the "OVAL Technical Use Cases Guide," is posted on the OVAL Web site and the product is now eligible to use the Official OVAL Adopter product/service logo.
A total of 26 products to-date have been recognized as Official OVAL Adopters.
For additional information and to review the complete list of all products and services participating in the adoption program, visit the OVAL Adoption Program section.
ADTsys Software Makes Declaration to Adopt OVAL
ADTsys Software declared that its ADTsys Cloud Security will incorporate OVAL. For additional information about this and other products using OVAL, visit the OVAL Adoption Program section.
OVAL Board Meeting Minutes Now Available
Meeting minutes for the OVAL Board teleconference meeting held on January 6, 2014 have been posted in the OVAL Community section.
OVAL Interpreter Updated to Version 5.10.1.6
The OVAL Interpreter and its source code have been updated to Version 5.10.1.6. Specific updates to the OVAL Interpreter included updating Xerces to version 3.1.1, updating Xalan to version 1.11, and fixing some issues reported by the OVAL Community.
A detailed list of updates and fixes is available in the download bundle. See the OVAL Interpreter Page on SourceForge.net for the latest information.
OVAL Board Holds Teleconference Meeting
The OVAL Board held a teleconference meeting on January 6, 2014. Discussion topics included status updates on the OVAL Language, OVAL Repository, and OVAL Interpreter; the OVAL Language Sandbox Proposal Form; and a proposal to version the core and platforms of the OVAL Language separately. Meeting minutes will be posted when available.
OVAL Repository Announces Top Contributors Awards for Q4-2013
ALTX-SOFT, G2, Inc., Hewlett-Packard Development Company, L.P., and SecPod Technologies received the "OVAL Repository Top Contributors Awards" for Q4-2013. The awards serve as public recognition of an organization's support of the OVAL Repository and as an incentive to others to contribute.
Refer to the OVAL Repository Top Contributors Awards Program page for more information and a list of past recipients.
Page Last Updated: February 18, 2015