CVE (Common Vulnerabilities and Exposures)

CVE is a publicly available catalog of security issues sponsored by the United States Department of Homeland Security (DHS).

OVAL (Open Vulnerability and Assessment Language)

  • OVAL is an international, community-driven effort to standardize how to assess and report upon the machine state of computer systems. It includes a language for specifying system details, a method for evaluating those details, and a reporting format for the results. OVAL provides a language for encoding system attributes and various types of content within the security community.
  • The OVAL repo has over 7000 definitions for public use.
  • The goal of the OVAL process is to have a three-step structure during the assessment process:
    1. Identify a system's configuration for testing
    2. Evaluate the current system's state
    3. Disclose the information in a report
  • OVAL definitions are recorded in XML
  • The four main classes of OVAL definitions consist of:
    1. Vulnerability Definitions
    2. Compliance Definitions
    3. Inventory Definitions
    4. Patch Definitions
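
Because OVAL definitions are XML and each one carries its class as an attribute, a definitions file can be inventoried with a few lines of code. The following is an added example, not part of the original notes or of the OVAL project: it groups definitions by class and maps CVE references back to the definitions that cite them. The sample document, its ids, titles and CVE ids are constructed placeholders; the namespace is the one used by the OVAL 5.x definitions schema.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Namespace of the OVAL 5.x definitions schema.
NS = {"oval": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}

# Constructed sample: ids, titles and CVE ids are placeholders, not real entries.
SAMPLE = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <definitions>
    <definition id="oval:example.test:def:1" version="1" class="vulnerability">
      <metadata>
        <title>Constructed vulnerability check</title>
        <reference source="CVE" ref_id="CVE-0000-0001"/>
      </metadata>
    </definition>
    <definition id="oval:example.test:def:2" version="1" class="patch">
      <metadata>
        <title>Constructed patch check</title>
        <reference source="CVE" ref_id="CVE-0000-0001"/>
        <reference source="CVE" ref_id="CVE-0000-0002"/>
      </metadata>
    </definition>
    <definition id="oval:example.test:def:3" version="2" class="inventory">
      <metadata><title>Constructed inventory check</title></metadata>
    </definition>
    <definition id="oval:example.test:def:4" version="1" class="compliance">
      <metadata><title>Constructed compliance check</title></metadata>
    </definition>
  </definitions>
</oval_definitions>"""

def summarize(xml_text):
    """Return (definition ids grouped by class, CVE id -> citing definition ids)."""
    # For files from untrusted sources, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    by_class, by_cve = defaultdict(list), defaultdict(list)
    for d in root.iterfind("oval:definitions/oval:definition", NS):
        by_class[d.get("class")].append(d.get("id"))
        for ref in d.iterfind("oval:metadata/oval:reference", NS):
            if ref.get("source") == "CVE":
                by_cve[ref.get("ref_id")].append(d.get("id"))
    return dict(by_class), dict(by_cve)

if __name__ == "__main__":
    classes, cves = summarize(SAMPLE)
    for name, ids in classes.items():
        print(name, ids)
    for cve, ids in cves.items():
        print(cve, "->", ids)
```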