OVAL - Open Vulnerability and Assessment Language

About OVAL

Documents

FAQs

OVAL in Use

Products

Interoperability

Adoption Program

OVAL Community

OVAL Board

Forums Sign-Up

Forum Archives

Free Newsletter

OVAL Repository

Latest Updates

Submit Content

OVAL Language

Releases

Use Cases

OVAL Interpreter

Site Map

OVAL® International in scope and free for public use, OVAL is an information security community effort to standardize how to assess and report upon the machine state of computer systems. OVAL includes a language to encode system details, and an assortment of content repositories held throughout the community.

Tools and services that use OVAL for the three steps of system assessment — representing system information, expressing specific machine states, and reporting the results of an assessment — provide enterprises with accurate, consistent, and actionable information so they may improve their security. Use of OVAL also provides for reliable and reproducible information assurance metrics and enables interoperability and automation among security tools and services.

OVAL in the Enterprise
Vulnerability Assessment Configuration Management Patch Management Policy Compliance	Community Repositories of OVAL Content Vulnerability Databases and Advisories Benchmark Writing Security Content Automation

Related Efforts
Vulnerabilities (CVE) Configurations (CCE) Platforms (CPE) Software Weakness Types (CWE) Attack Patterns (CAPEC) Cyber Observables (CybOX)	Checklist Language (XCCDF) Log Format (CEE) Malware (MAEC) Security Content Automation (SCAP) Build Security In Making Security Measurable

Focus On

Join the OVAL Community!

System administrators, software vendors, security analysts, developers, and other members of the information security community are invited to participate in the OVAL effort by joining our email news and discussion lists:

OVAL-Announce — General news about OVAL.
OVAL Developer’s Forum — Lightly moderated public forum for discussing the OVAL Language, and its implementation and inclusion in tools and services.
OVAL Repository Forum — Lightly moderated public forum for discussing new and previously posted OVAL Repository content, as well the issues that affect the writing of OVAL Definitions.

View our Privacy Policy.

Page Last Updated: August 16, 2012

Latest News

Lunarline, Inc. Makes Declaration to Adopt OVAL

New OVAL Board Member for Tripwire

OVAL/Making Security Measurable booth at Black Hat Briefings 2012

DISA FSO Makes Declaration to Adopt OVAL

DISA FSO Now Listed on "Other Repositories" Page

OVAL Briefing Slides from Security Automation Developer Days 2012 Now Available

More News »

Upcoming Events

OVAL/Making Security Measurable booth at 2012 Information Assurance Expo, August 27-30

OVAL/Making Security Measurable booth and SCAP briefings at IT Security Automation Conference 2012, October 3-5

More Events »