Look it up: A common language for vulnerabilities

Mitre Corp., which hosts the Common Vulnerability Exposure List, a federally funded standard dictionary of software bugs, is developing a standard language to use in searching for these vulnerabilities in computer systems. The Open Vulnerability Assessment Language is the next step in standardizing vulnerability management, said Robert A. Martin, CVE compatibility lead for Mitre, of Bedford, Mass. “It’s how you describe the test conditions for vulnerabilities,” Martin said today at the Secure Trusted Operating System Consortium Symposium in Washington. It will describe software configuration parameters used in querying various platforms for known vulnerabilities.

Until development of the CVE in 1999, there was no standard way to identify the vulnerabilities that plague software. The various communities involved in info security—software developers and vendors, researchers, security experts, systems administrators and security officers—describe vulnerabilities in different ways, making it difficult to discuss security problems.

OODA Analyst
